Database apparatus, method, and program

ABSTRACT

Provided is a database apparatus comprising a control means to execute data access control on a database, wherein the control means, receiving a database operation command from a user apparatus, comprises, regarding data and/or metadata to be handled associated with the database operation command, means for executing database operation or computation on encrypted data and/or encrypted metadata as is in ciphertext and means for executing database operation or computation on plaintext data and/or plaintext metadata, and the control means sends a processing result to the user apparatus.

This application is a National Stage of International Application No. PCT/JP2012/079126 filed Nov. 9, 2012, claiming priority based on Japanese Patent Application No. 2011-247909, filed Nov. 11, 2011, the contents of all of which are incorporated herein by reference in their entirety.

TECHNICAL FIELD

Reference to Related Application

The present invention is based upon and claims the benefit of the priority of Japanese patent application No. 2011-247909, filed on Nov. 11, 2011, the disclosure of which is incorporated herein in its entirety by reference thereto.

The present invention relates to a technique for encrypting information. In particular, it relates to a database apparatus, a method, and a program.

Background

Recently, there has been observed expanding utilization of cloud computing that provides infrastructures such as software, applications, and OS (operating system) to clients via the Internet. Even with regard to a database, it is expected that there will be an increase in the utilization mode in which the database is outsourced to such a cloud environment.

In outsourcing a database to a cloud environment or the like, prevention of information leakage from the database is particularly important. To prevent information leakage from a database, various methods in which data to be recorded in a database is encrypted have been proposed. For example, these methods can be classified into the following techniques, though not limited thereto.

1. When data is stored in a database, the data is encrypted before being stored. When data is retrieved, the data is decrypted and then sent to a user.

For example, Patent Literature 1 discloses a method and an apparatus for automatic database encryption. According to Patent Literature 1, encryption is automatically executed transparently to a database user, namely, unnoticed by the database user. Patent Literature 1 discloses a database system including a client, a database server, and a database. This system operates by receiving a request to store data in a column of the database system. When a user specifies a column of the database system as an encrypted column, the system automatically encrypts data by using an encryption function. This encryption function uses a key stored in a key file managed by a security administrator. After encrypting the data, the system stores the data by using a storage function of the database system. In addition, the system operates by receiving a request to retrieve data from an encrypted column of the database system. The system checks whether the column is encrypted by checking metadata of a column ID. When the column is encrypted, the system executes the following processing. Namely, when the request to retrieve data is made by an authorized user, the system retrieves an encryption parameter and a decryption key, decrypts the data, and sends the decrypted data to the client. However, when the request to retrieve data is made by an unauthorized user, the system does not decrypt the encrypted data. With this method and apparatus disclosed in Patent Literature 1, encryption and decryption keys are managed on the database side, and the user of the database system does not need to change any database queries.

2. The user side is allowed to manage a key, by using an encryption scheme that allows processing on encrypted data to be executed in the form of plaintext.

For example, Patent Literature 2 discloses an encryption database retrieval apparatus for speeding up retrieval processing. This apparatus executes index creation processing applicable to a retrieval system that retrieves a document stored in an encryption database without decrypting the document. The apparatus encrypts retrieval target data by using the same encryption scheme and key as those used for the encrypted data and retrieves the retrieval target data. With this system, even if there is information leakage from the database, only encrypted data is leaked.

In addition, for example, Patent Literature 3 discloses a database access system as a system in which the user side manages keys and a terminal on the user side encrypts and decrypts data that is stored in a database. The user terminal includes a secret key generation means for generating a secret key by using a public key, a storage means for storing the secret key, an encryption means for encrypting data on the basis of the public key, and a decryption means for decrypting the encrypted data by using the secret key. The database access system is configured to accurately prevent data leakage to the administrators and the like storing and managing data, as well as to third parties intruding from the outside.

3. Arbitrary processing is executed on ciphertext as in ciphertext.

Non-Patent Literature 1 discloses that an arbitrary logic computation can be executed on encrypted data by using fully homomorphic encryption, without decrypting the encrypted data.

CITATION LIST

Patent Literature

[Patent Literature 1]

-   Japanese Unexamined Patent Application Publication (Translation of PCT Application) No. 2004-528615 (International Publication No. 02/029577)

[Patent Literature 2]

-   Japanese Patent Kokai Publication No. 2005-134990A

[Patent Literature 3]

-   Japanese Patent Kokai Publication No. 2004-234344A

Non Patent Literature

[Non-Patent Literature 1]

-   Craig Gentry, “Fully Homomorphic Encryption Using Ideal Lattices”, STOC '09, pp. 169-178, May 31-Jun. 2, 2009

SUMMARY

Analyses of the above related techniques will be described below.

1. According to the technique in which, when data is stored in a database, the data is encrypted before being stored, and when data is retrieved, the data is decrypted before being sent to a user, the encryption and decryption keys are arranged on the database side. Thus, information could be leaked by intrusion into the database system from the outside, or by a malicious operation, an erroneous operation or the like by a database manager (a database administrator or the like).

2. The technique in which the user side is allowed to manage a key by using an encryption scheme that can process ciphertext is applicable only to a part (for example, search processing) of general database operations (SQL); it is not applicable to database computation operations and so forth other than the search processing (reference access).

3. The technique that enables processing on encrypted data as is in ciphertext by using fully homomorphic encryption requires an enormous amount of computation. For example, it is assumed that a computation quantity that is a trillion times the current computation quantity is necessary.

Accordingly, the present invention has been made in view of the above problems, and a primary object of the present invention is to provide a system, a method, and a program that can prevent leakage of confidential information in a database system and can improve processing efficiency.

According to the present invention, there is provided a database apparatus, including:

a control unit configured to execute data access control on a database,

the control unit receiving a database operation command from a user apparatus,

the control unit including, regarding data and/or metadata to be handled associated with the database operation command,

a unit configured to execute database operation or computation on encrypted data and/or encrypted metadata as is in ciphertext; and

a unit configured to execute database operation or computation on plaintext data and/or plaintext metadata,

the control unit sending a processing result to the user apparatus.

According to another aspect of the present invention, there is provided a database control method, including:

receiving a database operation command from a user apparatus;

executing, regarding data and/or metadata to be handled associated with the database operation command, at least one of

database operation or computation on encrypted data and/or encrypted metadata as is in ciphertext, and database operation or computation on plaintext data and/or plaintext metadata, regarding data and/or metadata to be handled associated with the database operation command; and

sending a processing result to the user apparatus.

According to still another aspect of the present invention, there is provided a non-transitory computer readable medium storing a program, causing a computer included in a database control apparatus that is connected to a user apparatus for communication and that executes data access control on a database to execute processing comprising:

receiving a database operation command from the user apparatus;

executing, regarding data and/or metadata to be handled associated with the database operation command, at least one of

database operation or computation on encrypted data and/or encrypted metadata as is in ciphertext, and database operation or computation on plaintext data and/or metadata, regarding data and/or metadata to be handled associated with the database operation command; and

sending a processing result of the database operation to the user apparatus.

According to the present invention, leakage of information in a database system can be prevented and processing efficiency can be improved.

Still other features and advantages of the present invention will become readily apparent to those skilled in this art from the following detailed description in conjunction with the accompanying drawings wherein only exemplary embodiments of the invention are shown and described, simply by way of illustration of the best mode contemplated of carrying out this invention. As will be realized, the invention is capable of other and different embodiments, and its several details are capable of modifications in various obvious respects, all without departing from the invention. Accordingly, the drawing and description are to be regarded as illustrative in nature, and not as restrictive.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a system configuration according to an exemplary embodiment of the present invention.

FIGS. 2A and 2B illustrate an overall operation according to the exemplary embodiment of the present invention.

FIG. 3 illustrates a configuration of a database control means according to the exemplary embodiment of the present invention.

FIG. 4 illustrates another configuration of the database control means according to the exemplary embodiment of the present invention.

FIG. 5 illustrates a cryptographic protocol information storage unit according to the exemplary embodiment of the present invention.

FIG. 6 illustrates a security setting information storage unit according to the exemplary embodiment of the present invention.

FIGS. 7A, 7B, 7C, 7D, 7E and 7F illustrate ciphertext tables according to the exemplary embodiment of the present invention. FIG. 7A illustrates a table before encryption, FIG. 7B illustrates a ciphertext table information table, FIG. 7C illustrates a table after encryption, and FIGS. 7D to 7F illustrate ciphertext tables.

FIG. 8 illustrates a configuration of an application response means according to the exemplary embodiment of the present invention.

FIG. 9 illustrates a security setting information temporary storage unit according to the exemplary embodiment of the present invention.

FIG. 10 illustrates a key information storage unit according to the exemplary embodiment of the present invention.

FIG. 11 is a flowchart illustrating a processing flow by a security setting means according to the exemplary embodiment of the present invention.

FIG. 12 is a flowchart illustrating processing for setting application of encryption in a setting update step in FIG. 11.

FIG. 13 is a flowchart illustrating processing for setting non-application of encryption in the setting update step in FIG. 11.

FIG. 14 is a flowchart illustrating processing for setting a confidentiality level in the setting update step in FIG. 11.

FIG. 15 illustrates a processing flow executed by the application response means according to the exemplary embodiment of the present invention to reflect a setting target and setting content inputted via the security setting means.

FIG. 16 is a flowchart illustrating processing executed by the application response means according to the exemplary embodiment of the present invention to add data to a table already created in a database.

FIG. 17 illustrates the cryptographic protocol information storage unit according to the exemplary embodiment of the present invention.

FIG. 18 illustrates the security setting information storage unit according to the exemplary embodiment of the present invention.

FIG. 19 illustrates the security setting information temporary storage unit according to the exemplary embodiment of the present invention.

FIGS. 20A and 20B illustrate encryption of column data according to the exemplary embodiment of the present invention.

FIGS. 21A, 21B and 21C illustrate processing for setting a data confidentiality level according to the exemplary embodiment of the present invention.

FIGS. 22A, 22B, 22C and 22D illustrate processing for setting a data confidentiality level according to the exemplary embodiment of the present invention.

FIG. 23 illustrates data operation processing according to the exemplary embodiment of the present invention.

FIGS. 24A, 24B, 24C, 24D and 24E illustrate data operation processing according to the exemplary embodiment of the present invention.

FIG. 25 illustrates data operation processing (the cryptographic protocol information storage unit) according to the exemplary embodiment of the present invention.

FIG. 26 illustrates another configuration of the database control means according to the exemplary embodiment of the present invention.

FIG. 27 illustrates still another configuration of the database control means according to the exemplary embodiment of the present invention.

FIG. 28 is a flowchart illustrating another example of the processing for setting a confidentiality level according to the exemplary embodiment of the present invention.

PREFERRED MODES

First, an outline of the present invention will be described, and next, exemplary embodiments will be described. According to an exemplary embodiment of the present invention, a database apparatus (for example, a database system 10 in FIG. 1) includes a control unit (for example, a database control means 12 in FIG. 1) configured to execute data access control on a database (for example, 11 in FIG. 1). The database control means (12) receives a database operation command from a user apparatus (20 in FIG. 1). The database control means (12) includes a unit (for example, 122 in FIG. 3) configured to execute cryptographic protocol processing on the database and a unit configured to execute a database operation on plaintext data, and sends a processing result to the user apparatus (20). Based on a database operation command, the user apparatus (20) selects whether or not to encrypt data to be stored in the database (11). As data corresponding to the database operation command, the user apparatus (20) sends data encrypted by an encryption algorithm corresponding to the security of the data, or plaintext data, to the database apparatus (10).

According to an exemplary embodiment of the present invention, the database apparatus (10) receives a database operation command from the user apparatus (20). In the case wherein such a condition is met that the operation target data encrypted and stored in the database (11) is encrypted by an encryption algorithm allowing operation or computation on encrypted data to be executed as is in ciphertext, and that the operation or computation of the database operation command is operation or computation allowed to be executed on ciphertext as is in ciphertext, the control means performs the operation or computation on the encrypted operation target data as is in ciphertext, and sends the result processed in ciphertext to the user apparatus (20).

According to an exemplary embodiment of the present invention, the following configuration is possible. Namely, the control means (12) in the database apparatus (10) sends a computation result of partial computation of a computation of the database operation command to the user apparatus (20) in ciphertext. Regarding the computation, if the user apparatus (20) finds that further partial computation needs to be executed in plaintext, the user apparatus (20) executes the partial computation on data obtained by decrypting the encrypted data into plaintext. If the computation still includes partial computation on encrypted data and if the partial computation on ciphertext is allowed, the user apparatus (20) sends encrypted data obtained by encrypting the result of the partial computation in plaintext to the control means (12). By using the encrypted data sent from the user apparatus (20), the control means (12) executes the remaining partial computation of the computation of the database operation command on the encrypted data and sends the computation result of the partial computation in ciphertext to the user apparatus (20).

According to an exemplary embodiment of the present invention, the following configuration is possible. Namely, the database apparatus (10) includes: a storage unit (for example, 14 in FIG. 1) that stores information on whether or not metadata including table and column names stored in the database (11) is encrypted, information on whether or not data stored in the database (11) is encrypted, confidentiality information representing the extent of data security, and encryption algorithm identification information corresponding to the confidentiality information; and a second storage unit (for example, 13 in FIG. 1) that stores at least cryptographic protocol identification information associating processing content in the database (11), confidentiality information, and an encryption algorithm with each other.

According to an exemplary embodiment of the present invention, the control means (12) in the database apparatus (10) may include a cryptographic protocol processing execution unit (122 in FIG. 3). The cryptographic protocol processing execution unit (122 in FIG. 3) may execute cryptographic protocol processing corresponding to the processing content of the database operation command on data encrypted by an encryption algorithm corresponding to the confidentiality information, based on the cryptographic protocol identification information in the second storage unit.

According to an exemplary embodiment of the present invention, the control means (12) in the database apparatus (10) may include an encryption calculation unit (for example, 126 in FIG. 26) that encrypts metadata and/or data by using a public key sent from the user apparatus (20).

According to an exemplary embodiment of the present invention, when encrypting column data in a table in the database (11), the column data is read from the database (11), public key information is obtained from the user apparatus (20), the column data is encrypted by the encryption calculation unit (126), and a ciphertext table including a set of a serial number and ciphertext of the column data is created. To manage this ciphertext table, a ciphertext table information table including a set of a table name, a column name, an encryption algorithm, and a ciphertext table name may be provided.

The user apparatus (20) includes a key utilization means (for example, 23 in FIG. 1) configured to manage key information for data encryption and decryption, a security setting means (for example, 26 in FIG. 1) configured to set information about the security setting of data stored in the database, a first storage unit (for example, 25 in FIG. 1) that stores information set by the security setting means (26), and an application response means (for example, 22 in FIG. 1). The following configuration is possible. Namely, the application response means (22) receives a database operation command issued to the database system (10), refers to information in the first storage unit (25), and determines the necessity of encryption of data and/or column data corresponding to the database operation command. When encryption is necessary, the application response means (22) obtains encrypted data and/or encrypted column data by performing encryption with key information (for example, a public key) managed by the key utilization means (23), by using an encryption algorithm corresponding to the security of the data and/or column data. The application response means (22) sends the encrypted data and/or encrypted column data to the database control means (12) to execute a corresponding database operation. When encryption is not necessary, the application response means (22) sends the database operation command directly to the database control means (12) (sends plaintext, i.e., without encrypting the data) to execute a corresponding database operation. In addition, the following configuration is possible. Namely, when the user apparatus (20) receives a database processing result from the database control means (12), if conversion or decryption of the data and/or column data is necessary, the user apparatus (20) executes conversion or decryption using key information (for example, a secret key) managed by the key utilization means. As a response to the database operation command, the user apparatus (20) sends the obtained data to the source of the database operation command (for example, 21 in FIG. 1).

The security setting means (26) in the user apparatus (20) executes at least one of: setting or changing regarding whether or not metadata including table and column names in tables stored in the database (11) is encrypted; setting or changing regarding whether or not data stored in tables stored in the database (11) is encrypted; and setting or changing of confidentiality information representing the extent of data security. The first storage unit (25) stores information regarding whether or not metadata including table and column names stored in the database is encrypted, information regarding whether or not data is encrypted, confidentiality information representing the extent of data security, and encryption algorithm identification information corresponding to the confidentiality information.

According to the present invention, the user system (20), namely, a database user, manages key information used for data encryption and decryption and encrypts data/metadata. The user system (20) sends the encrypted data/metadata to the database system (10) and stores the data/metadata in the database (11).

In addition, database operations are executed transparently in a user-side database use application (21) that issues a database operation command (for example, SQL (Structured Query Language)). Namely, the application can execute a database operation by using a normal database operation command, without being conscious of data encryption. Thus, no change, modification, etc. for encryption needs to be made to the database utilization application (however, the present invention does not prohibit change, modification, etc. of the database utilization application).

<A. Prevention of Information Leakage>

Since the user system (20) includes a storage unit (24) storing key information for data encryption and decryption and the key utilization means (23) managing the key information, it is possible to prevent information leakage by intrusion into the database system from the outside or by a malicious operation, an erroneous operation and so forth by a database manager or the like.

<B. Efficient Processing>

Processing (an encryption algorithm) corresponding to the security (confidentiality) level required for data that is an operation target of a database operation command received from the database utilization application (21 in FIG. 1) is selected and executed. For example, for data for which a low security level is required, an encryption algorithm with a relatively high speed and a relatively low security level is used. In addition, by removing data for which security (confidentiality) is not required from the encryption target, efficient processing is made possible.

<C: Arbitrary Database Operations can be Executed>

In response to a database operation command supplied from the database utilization application (21 in FIG. 1), computation processing (addition, multiplication, or the like) is executed on encrypted data stored in the database in an encrypted state.

As is well known, for example, in additive homomorphic encryption such as the Paillier cryptosystem, if there are ciphertext E(m1) of plaintext m1 and ciphertext E(m2) of plaintext m2, E(m1)+E(m2)=E(m1+m2) can be established as ciphertext E(m1+m2) of m1+m2. Namely, the encrypted data of the sum m1+m2 of plaintext m1 and plaintext m2 can be obtained directly from the sum of the encrypted data of m1 and the encrypted data of m2. In addition, in multiplicative homomorphic encryption such as RSA encryption or ElGamal encryption, the encrypted data E(m1×m2) of the product m1×m2 of plaintext m1 and plaintext m2 can be expressed as E(m1×m2)=E(m1)×E(m2). Namely, the encrypted data of the product of plaintext m1 and plaintext m2 can be obtained directly from the product of the encrypted data of plaintext m1 and the encrypted data of plaintext m2.

If the encryption algorithm corresponds to homomorphic encryption as described above, encrypted data can be added or multiplied, for example. However, for example, a complex computation including addition, subtraction, multiplication, and division or a logic computation cannot be executed. Thus, if a database operation command represents a computation that cannot be executed directly on encrypted data stored in the database, the encrypted data stored in the database is first read and sent to the user system, and the encrypted data is next decrypted in the user system into plaintext data. Next, computation processing is executed on the plaintext data and the computation result of the plaintext data is sent to the database utilization application that is the issuing source of the database operation command. Alternatively, if more complex processing is necessary, the following configuration is possible. Namely, the computation result of the plaintext data, obtained after the encrypted data is decrypted into plaintext data and the computation processing is executed on the plaintext data on the user system side, is encrypted again. The encrypted data is next sent to the database side, and the computation processing on the encrypted data is continued on the database side. Namely, a plurality of processing steps including processing on encrypted data on the database side and processing on plaintext on the user system side may be combined and executed. In this way, by combining computation processing on encrypted data and on plaintext data, arbitrary database operations can be executed.
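The additive homomorphism of the preceding paragraph and the split computation just described, worked through as an added example (this is not code from the patent). It uses a toy Paillier key, where the "addition" of ciphertexts E(m1)+E(m2) is realized concretely as multiplication modulo n², so the database side can form E(sum) without the secret key; the user side decrypts, performs the division that has no homomorphic counterpart here (an average), re-encrypts the result and hands it back so the database can compute the per-row deviations on ciphertext. The primes, column values and function names are constructed for the example; the key size is far too small for real use and exists only to keep the run fast.

```python
"""Split computation over a Paillier-encrypted column (added example, not the patent's code)."""
import math
import secrets


def is_prime(n):
    """Deterministic trial division; adequate for the ~1e6 toy primes used here."""
    if n < 2:
        return False
    return all(n % d for d in range(2, math.isqrt(n) + 1))


def next_prime(n):
    while not is_prime(n):
        n += 1
    return n


def keygen(seed=1_000_000):
    """Toy Paillier key: two primes just above `seed` (constructed; NOT a secure size)."""
    p = next_prime(seed)
    q = next_prime(p + 1)
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lambda = lcm(p-1, q-1)
    mu = pow(lam, -1, n)                                # valid because g = n + 1
    return {"n": n}, {"n": n, "lam": lam, "mu": mu}


def encrypt(pk, m):
    """c = (1 + m*n) * r^n mod n^2, i.e. g^m * r^n with g = n + 1 and random r."""
    n = pk["n"]
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + (m % n) * n) * pow(r, n, n2) % n2


def decrypt(sk, c):
    """Standard Paillier decryption; values above n/2 are decoded as negatives."""
    n = sk["n"]
    u = pow(c, sk["lam"], n * n)
    m = ((u - 1) // n) * sk["mu"] % n
    return m - n if m > n // 2 else m


def add_ciphertexts(pk, c1, c2):
    """E(m1) 'plus' E(m2): the ciphertext product is E(m1 + m2)."""
    return c1 * c2 % (pk["n"] ** 2)


def sub_ciphertexts(pk, c1, c2):
    """E(m1 - m2): multiply by the modular inverse of E(m2)."""
    n2 = pk["n"] ** 2
    return c1 * pow(c2, -1, n2) % n2


# ---- database side: works only on ciphertext and never holds the secret key ----
def db_sum(pk, column):
    acc = encrypt(pk, 0)
    for c in column:
        acc = add_ciphertexts(pk, acc, c)
    return acc


def db_deviations(pk, column, enc_mean):
    return [sub_ciphertexts(pk, c, enc_mean) for c in column]


# ---- user side: orchestrates the split described in the text ----
def average_with_deviations(pk, sk, values):
    column = [encrypt(pk, v) for v in values]          # what the database stores
    total = decrypt(sk, db_sum(pk, column))            # 1) ciphertext-only SUM on the DB
    mean = total // len(values)                        # 2) division in plaintext, user side
    enc_mean = encrypt(pk, mean)                       # 3) re-encrypt and send back
    devs = [decrypt(sk, c) for c in db_deviations(pk, column, enc_mean)]  # 4) DB finishes
    return total, mean, devs


if __name__ == "__main__":
    PK, SK = keygen()
    print(average_with_deviations(PK, SK, [300, 420, 510]))  # (1230, 410, [-110, 10, 100])
```

The database side only ever sees `column`, `enc_mean` and the public key, which is the property the text relies on for leakage prevention; the one step it cannot perform (the division) is the only one done in plaintext, and only on the user side.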

<D. Setting of Confidentiality>

On the user system side, encryption or non-encryption of information stored in the database can be set per table, column, and column data. In addition, a processing procedure (encryption algorithm) based on data operation content and required security (confidentiality degree) can be selected. In this way, processing efficiency can be improved.

<E. Elimination of Need for Modification of Application>

According to the present invention, for example, there is no need to change the syntax of database operation commands (SQL commands, etc.). The database use application (21 in FIG. 1) can issue database operation commands without making any change (all in plaintext for the syntax of the command and the table name, column name, data, and so forth specified in the command). If the database utilization application (21 in FIG. 1) issues a database operation command for creating a table, adding a column, adding a row, calculating data, or the like, the database operation command is supplied to the application response means (22 in FIG. 1) and an encryption algorithm corresponding to the security of the data is selected. After the data is encrypted by the encryption algorithm, the data is sent to the database system (10). In addition, by preparing the security setting means (26) to set the security of data to be stored in the database (11) separately from the database utilization application (21), the need for modification or the like of an existing application using the database is eliminated. Namely, according to the present invention, the application does not need to encrypt or decrypt data or set a security level, for example. Thus, the present invention is applicable to any existing application that issues a database operation command.

Patent Literature 3 discloses a database access system in which a terminal includes a secret key generation means for generating a secret key by using a public key, a storage means for storing the secret key, an encryption means for encrypting data on the basis of the public key, and a decryption means for decrypting the encrypted data using the secret key. In addition, Patent Literature 3 discloses that the database access system is configured to accurately prevent data leakage to the administrators and the like storing and managing data, as well as to third parties intruding from the outside. Namely, Patent Literature 3 realizes prevention of information leakage in the above item A. However, Patent Literature 3 does not disclose the above items B to E.

Exemplary Embodiments

The following describes exemplary embodiments with reference to the accompanying drawings.

<Example of System Configuration>

FIG. 1 illustrates an exemplary embodiment of the present invention. Referring to FIG. 1, a database system (database apparatus) 10 and a user system (user apparatus) 20 are connected to each other via a network 30 such as the Internet. The database system 10 includes a database 11, a database control means 12, a cryptographic protocol information storage unit 13, and a security setting information storage unit 14.

The user system 20 includes a database use application 21, an application response means 22, a key utilization means 23, a key information storage unit 24, a security setting information temporary storage unit 25, a security setting means 26, and an input/output apparatus 27. For example, the user system 20 is implemented on a data processing apparatus (CPU (Central Processing Unit), processor) having a function of communicating with the database system 10 by connecting to the network 30. In this case, the database utilization application 21 is an application program that operates on the data processing apparatus. The application response means 22, the key utilization means 23, and the security setting means 26 may also be realized as a program (a control program or the like) that operates on the data processing apparatus, though not limited thereto.

In FIG. 1, each of the means included in the user system 20 is arranged in a single block. However, these means may be configured as separate apparatuses via a communication network such as a local area network, for example. Likewise, in the database system 10, the database 11 and the database control means 12 are arranged in a single block. However, these means may of course be arranged separately. In addition, the application response means 22, the key utilization means 23, and the security setting means 26 may also be realized as a program (a control program or the like) that operates on the data processing apparatus, but not limited thereto. If the user system 20 is implemented on a thin-client system or the like, virtualization technology may be introduced to a server, and the user system may be implemented on a virtual machine on the server. In such a case, a thin client terminal may input information to a database use application on the virtual machine on the server.

In addition, FIG. 1 illustrates only one user system 20 simply for ease of description. However, a plurality of user systems 20 may of course be connected to the database system 10 via the network 30. In addition, a plurality of user systems 20 may share a single application response means 22 that connects to and communicates with the database system 10. In such a case, each of the plurality of user systems 20, i.e., each user, includes the key utilization means 23 and the key information storage unit 24. Namely, the user side stores and manages key information and includes a security setting means 26. Each user connects to the database system 10 via the shared application response means 22. An integrated security setting information temporary storage unit 25 may be consolidated in a single storage apparatus (system) for the plurality of user systems 20. Alternatively, a plurality of security setting information temporary storage units 25 may be arranged separately in a distributed manner for the respective user systems 20.

<Database System>

The following describes components in the database system 10. The database control means 12 includes means for executing an operation on the database 11 (a database operation based on a database operation command) and means for executing at least one cryptographic protocol.

For example, the security setting information storage unit 14 stores such information about an encryption algorithm used for encryption as information for setting the security of data stored in the database 11. For example, the security setting information storage unit 14 stores information on whether or not metadata such as table and column names stored in the database 11 is encrypted, information on whether or not data stored in the database 11 is encrypted, confidentiality information representing the extent of data security, and encryption algorithm identification information determining at least one encryption algorithm used when data encryption is executed.

The cryptographic protocol information storage unit 13 stores cryptographic protocol information for encrypting data in the database 11. For example, the cryptographic protocol information storage unit 13 stores the processing content (simple-search, addition, etc.) of a database operation command, encryption algorithm identification information corresponding to the security (confidentiality) level required for data, and cryptographic protocol identification information. In the case of computation processing for adding encrypted data as is in ciphertext in the database 11, the cryptographic protocol information storage unit 13 stores information for selecting an additive homomorphic encryption algorithm, based on the processing content.

The database control means 12 receives a database operation command (a database operation on plaintext data) or an instruction to execute a cryptographic protocol from the application response means 22, executes the database operation on plaintext data or the cryptographic protocol, and sends a processing result to the application response means 22. The database control means 12 may be implemented as a database server having the user system 20 as a client.

<User System>

The following describes each component in the user system 20. The database use application 21 issues database operation commands. The database use application 21 includes an application program that issues database operation commands (SQL commands) for executing database operations, but is not limited thereto. Alternatively, the database utilization application 21 may be implemented as a GUI (Graphical User Interface) environment that causes the database control means 12 in the database system 10 to execute operations such as table definition, data addition, search, computation, and the like on screen via the application response means 22. In such a case, an operation selected by a user on the screen is converted to a corresponding SQL command and is then inputted to the application response means 22. An existing application can be used without modification as the database utilization application 21. This does not mean that newly developing the database utilization application 21 is prohibited. It means that, when the database utilization application 21 is newly developed, modified, or updated, there is no need to set information for data encryption, data decryption, and security setting in the database utilization application 21.

The security setting means 26 sets information about the security of data.

For example, the key utilization means 23 refers to the key information storage unit 24 and generates keys necessary for executing various types of cryptographic protocols such as data encryption and data decryption.

The input/output apparatus 27 includes an input apparatus such as a keyboard, a mouse, or a touch panel and an output apparatus such as a display apparatus or a file apparatus (a printer). The input/output apparatus 27 displays or outputs information inputted or outputted by a database user. In FIG. 1, the input/output apparatus 27 is an integrated input and output apparatus such as a touch panel/tablet display. Alternatively, a separate input apparatus and output apparatus may be used as the input/output apparatus 27.

The security setting information temporary storage unit 25 stores the information stored in the security setting information storage unit 14 and information for determining operation target data. For example, if metadata (for example, table and column names, etc.), which is information for determining data in the database 11, is encrypted, the encrypted metadata and the decrypted metadata (plaintext metadata) corresponding thereto are associated with each other and are stored in the security setting information temporary storage unit 25.

Upon reception of a database operation command from the database utilization application 21, the application response means 22 refers to the security setting information temporary storage unit 25, the security setting information storage unit 14, and the cryptographic protocol information storage unit 13, replaces metadata such as table and column names with ciphertext metadata, and executes a cryptographic protocol based on the database operation content (processing content) or executes a normal database operation, in coordination with the database control means 12 or the key utilization means 23.

For example, if the security of data needs to be dynamically set or changed in response to a database operation command inputted from the database utilization application 21, such as when a new table needs to be created, the application response means 22 calls up the security setting means 26, causes it to set security setting information, and creates a table in the database 11 via the database control means 12.

In this operation, the security setting means 26 may display a screen for requesting the user to input security setting information. Regarding input of security setting information when a new table is created, various modes other than the above mode are possible. For example, before the database utilization application 21 issues a database operation command, security setting information such as encryption or non-encryption of the name of a newly-created table may be set in advance by the security setting means 26. Alternatively, for a table newly created in the database 11, confidentiality and cryptographic protocol identification information (default information) may be set in advance in a template having a table name, part of which has been replaced by a wildcard or the like. If a newly-created table matches the table name including the wildcard, encryption may be executed by a cryptographic protocol corresponding to the default confidentiality level.

When a database operation command inputted from the database utilization application 21 requires encryption of the operation target data, the application response means 22 encrypts the data. In such a case, the application response means 22 encrypts the data by using key information and sends the encrypted data to the database control means 12. The application response means 22 sends a database operation result (a processing result) sent from the database control means 12 to the database utilization application 21. The database use application 21 outputs the database operation result to the input/output apparatus 27, but is not limited thereto.

<Overview of Operation>

An operation example of the system illustrated in FIG. 1 will be described. For example, when a database operation command that is inputted from the database utilization application 21 and forwarded via the application response means 22 requires an operation such as a search operation (query) that involves a cryptographic protocol allowing ciphertext to be processed without being decrypted, the database control means 12 executes the processing (such as a search operation) on the encrypted data without decrypting it. The database control means 12 sends the result obtained by processing the encrypted data stored in the database 11 to the application response means 22 as is in ciphertext, i.e., without decryption. The application response means 22 causes the key utilization means 23 to decrypt the encrypted result into plaintext and sends the database operation result in plaintext to the database utilization application 21.

When a database operation command inputted from the database utilization application 21 is an operation that is difficult to execute on ciphertext as is (such as a complex arithmetic computation involving addition, subtraction, multiplication, division, logic computation, and so forth), the database control means 12 extracts the operation target data in ciphertext from the database 11 and sends the extracted data to the application response means 22 without executing any computation. The application response means 22 decrypts the encrypted data sent from the database control means 12 by using a decryption key managed by the key utilization means 23, executes the operation specified by the database operation command on the obtained plaintext, and sends the operation result to the database utilization application 21.

In addition, the following operation is possible. When a complex arithmetic computation includes a computation, such as an average computation, that can be executed as is in ciphertext, the database control means 12 executes that partial computation on the encrypted data and sends the computation result (ciphertext) to the application response means 22. The application response means 22 causes the key utilization means 23 to decrypt the encrypted computation result into plaintext and executes the remaining part of the complex arithmetic computation in plaintext. In this way, higher processing efficiency can be achieved than when the complex arithmetic computation is executed with all the data decrypted.
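The split described above, as an added example that is not part of the patent: the database side sums a column of ciphertexts with the Paillier cryptosystem (the additive homomorphic scheme the text later names HE1) and never decrypts, while the user side decrypts the single summed ciphertext and divides by the row count in plaintext. The key size is a toy and the salary values are constructed.

```python
"""Average over an encrypted column, split between database and user side.

Added example: database control means 12 computes the sum homomorphically
(Paillier); application response means 22 decrypts and finishes in plaintext.
Toy primes and constructed values; not production parameters."""
from __future__ import annotations

import math
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class PublicKey:
    n: int
    n_sq: int


@dataclass(frozen=True)
class SecretKey:
    lam: int  # lcm(p - 1, q - 1)
    mu: int   # lam^-1 mod n


def paillier_keygen(p: int, q: int) -> tuple[PublicKey, SecretKey]:
    """Paillier key pair from two distinct primes, using g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    mu = pow(lam, -1, n)
    return PublicKey(n, n * n), SecretKey(lam, mu)


def encrypt(pk: PublicKey, m: int) -> int:
    """c = (1 + n)^m * r^n mod n^2, with a fresh random r coprime to n."""
    if not 0 <= m < pk.n:
        raise ValueError("message out of range")
    while True:
        r = secrets.randbelow(pk.n - 1) + 1
        if math.gcd(r, pk.n) == 1:
            break
    return (pow(1 + pk.n, m, pk.n_sq) * pow(r, pk.n, pk.n_sq)) % pk.n_sq


def decrypt(pk: PublicKey, sk: SecretKey, c: int) -> int:
    """m = L(c^lam mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    x = pow(c, sk.lam, pk.n_sq)
    return ((x - 1) // pk.n * sk.mu) % pk.n


# --- database system side: sees ciphertext only -------------------------
def db_encrypted_sum(pk: PublicKey, ciphertexts: list[int]) -> int:
    """Multiplying Paillier ciphertexts mod n^2 adds the plaintexts."""
    acc = 1
    for c in ciphertexts:
        acc = (acc * c) % pk.n_sq
    return acc


# --- user system side: holds the secret key -----------------------------
def user_average(pk: PublicKey, sk: SecretKey, enc_sum: int, count: int) -> float:
    """Remaining computation in plaintext: decrypt the sum, divide by count."""
    return decrypt(pk, sk, enc_sum) / count


def demo_average(values: list[int]) -> float:
    """End-to-end: encrypt a column, sum on the database side, average on the user side."""
    pk, sk = paillier_keygen(1000003, 1000033)  # toy primes, sum must stay below n
    column = [encrypt(pk, v) for v in values]   # what is stored in database 11
    enc_sum = db_encrypted_sum(pk, column)      # partial computation on ciphertext
    return user_average(pk, sk, enc_sum, len(column))


if __name__ == "__main__":
    print(demo_average([300, 450, 600]))  # constructed sample values
```

The database side only ever multiplies ciphertexts, so the individual values and their sum stay hidden from the database system; only the user system, which holds `sk`, learns the total.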

Upon reception of a database operation command from the database utilization application 21, the application response means 22 refers to the security setting information storage unit 14 and determines whether the data in the database 11 that is the operation target of the inputted database operation command needs to be protected by encryption (necessity of encryption). If encryption is not necessary, processing as in a normal database operation is executed. In addition, by referring to the security setting information temporary storage unit 25, the application response means 22 can determine the operation target data even when the metadata (for example, table and column names in SQL) of the data that is the operation target of the database operation command inputted from the database utilization application 21 is encrypted.

As described above, according to the present exemplary embodiment, by referring to the security setting information corresponding to an inputted database operation command, the application response means 22 can determine processing based on the security level required for the data in the database 11 that is the operation target. In this way, data requiring a lower security level can be processed at a relatively higher speed. In addition, by using an encryption algorithm requiring a relatively lower security level, processing can be executed more efficiently.

According to the present exemplary embodiment, among the data to be recorded in the database 11, data that requires a security level is encrypted. Thus, for such data, information leakage can be prevented. In addition, since the present invention includes the application response means 22 that operates in coordination with the other components, the present invention is applicable to arbitrary inputted database operation commands.

FIGS. 2A and 2B are flow charts summarizing processing operations of the application response means 22 and the database control means 12, respectively, according to the present exemplary embodiment.

<Operation of Application Response Means>

The following describes a processing operation of the application response means 22. Referring to FIG. 2A, the application response means 22 executes the following steps.

Step 1: The application response means 22 receives a database operation command from the database utilization application 21.

Step 2: By referring to the security setting information temporary storage unit 25, the application response means 22 determines whether or not the metadata such as table and column names specified as the operation target by the database operation command is encrypted.

Step 3: When metadata such as table and column names is encrypted and stored in the database, the application response means 22 executes replacement processing for replacing the metadata specified as the operation target by the database operation command with ciphertext.

Step 4: The application response means 22 refers to the security setting information storage unit 14 and determines whether to encrypt the data specified as the operation target by the database operation command.

Step 5: If data encryption is not necessary, the application response means 22 sends the database operation command to the database control means 12.

Step 6: The application response means 22 receives a database operation result from the database control means 12.

Step 7: The application response means 22 determines whether to convert the database operation result. This determination in step 7 is executed because an operation result may be sent in ciphertext from the database control means 12.

Step 8: If the database operation result needs to be converted (or decrypted), the application response means 22 converts the database operation result using a decryption key managed by the key utilization means 23. In this conversion processing (decryption), the application response means 22 uses a decryption key managed by the key utilization means 23 and refers to a decrypted table name and a decrypted column name in the security setting information temporary storage unit 25.

Step 14: The application response means 22 outputs the operation result (or the conversion result) to the database utilization application 21.

In step 4, if data encryption is necessary, the application response means 22 executes the following steps.

Step 9: The application response means 22 refers to the cryptographic protocol information storage unit 13 and executes encryption processing by using a corresponding encryption algorithm.

Step 10: The application response means 22 sends an instruction to execute a cryptographic protocol (a request for executing cryptographic protocol processing) to the database control means 12.

Step 11: The database control means 12 executes a cryptographic protocol.

Step 12: The application response means 22 receives a cryptographic protocol execution result from the database control means 12.

In steps 11 and 12, the application response means 22 and the database control means 12 may cooperate with each other in such a way that the application response means 22 decrypts the ciphertext computation result sent from the database control means 12 into plaintext and executes a partial computation on the plaintext, the application response means 22 encrypts the result of the partial computation and sends the encrypted data to the database control means 12, and the database control means 12 executes a computation on the encrypted data.

Step 13: The application response means 22 executes conversion processing in which the cryptographic protocol execution result is decrypted by using key information managed by the key utilization means 23. The application response means 22 executes the conversion processing on the execution result of the cryptographic protocol through decryption with use of key information managed by the key utilization means 23, or through decryption with reference to a decrypted table name and a decrypted column name in the security setting information temporary storage unit 25.

Step 14: The application response means 22 outputs the conversion result to the database utilization application 21.

<Operation of Database Control Means>

Referring to FIG. 2B, the database control means 12 executes the following steps.

Step 1: The database control means 12 waits for an instruction from the application response means 22.

Step 2: Upon reception of a database operation command from the application response means 22, the database control means 12 executes the database operation command.

Step 3: The database control means 12 sends a database operation result to the application response means 22.

Step 4: Upon reception of a request for cryptographic protocol processing from the application response means 22, the database control means 12 executes a cryptographic protocol (corresponding to step 11 in FIG. 2A).

Step 5: The database control means 12 sends the execution result of the cryptographic protocol to the application response means 22.

Advantageous Effects of Exemplary Embodiment

Referring to FIGS. 2A and 2B, since the database control means 12 and the application response means 22 operate in coordination with each other, information leakage from the database system 10 can be prevented, an arbitrary database operation can be executed, and processing can be executed efficiently.

In the user system 20, the key information for encryption and decryption is managed. Encrypted data in the database 11 is forwarded to the user system 20 and is decrypted in the user system 20, thereby reducing the possibility that information leakage occurs in the database system 10.

The database system 10 includes the security setting information storage unit 14 that stores information about whether or not data in the database 11 is encrypted and the extent of security required for the data. Upon reception of a database operation command, the application response means 22 refers to the security setting information storage unit 14 and determines whether to encrypt the operation target data. When data encryption is not necessary (when a normal database operation is to be executed), no encryption processing is executed (steps 5 and 6 in FIG. 2A). If encryption were executed for all database operations, processing performance would be affected. However, by excluding data for which a confidentiality level is not required from the encryption target, processing performance is less affected.

In addition, regarding metadata (for example, table and column names in SQL) for determining data in the database, information about the correspondence between encrypted metadata and decrypted metadata is stored in the user system 20. Thus, even when metadata is encrypted in the database 11, the operation target data can easily be determined, and the influence of metadata encryption on processing performance can be avoided.

<Configuration of Database Control Means>

The following describes the above database control means 12. FIG. 3 illustrates a configuration of the database control means 12 in FIG. 1. Referring to FIG. 3, the database control means 12 includes a database operation unit 121, a cryptographic protocol processing execution unit 122, a processing and communication control unit 125, a cryptographic protocol information operation unit 123, and a security setting information operation unit 124.

For example, the cryptographic protocol processing execution unit 122 executes an operation such as search, addition, or the like, as is in ciphertext, in the database 11.

The database operation unit 121 executes database operations on the database 11 (creates a table, adds/deletes data, searches for data, calculates data, etc.). For example, when the processing and communication control unit 125 receives a database operation command for storing, adding, deleting, or updating plaintext data in the database 11 from the application response means 22, the processing and communication control unit 125 forwards the plaintext data directly to the database operation unit 121. The database operation unit 121 executes the corresponding database operation on the plaintext data.

The cryptographic protocol processing execution unit 122 performs operations on data as is in ciphertext and accesses the database 11 via the database operation unit 121. For example, in the case of a command for acquiring columns B and C from table A in the database 11, i.e., the SQL query SELECT B, C FROM A, if columns B and C in table A in the database 11 are encrypted, the database operation unit 121 executes search processing on the ciphertext and sends the search result to the cryptographic protocol processing execution unit 122.

The processing and communication control unit 125 communicates with the application response means 22 via the network 30 and controls each unit in the database control means 12.

The cryptographic protocol information operation unit 123 reads cryptographic protocol information from and writes it to the cryptographic protocol information storage unit 13. In response to a request for access to the cryptographic protocol information storage unit 13 from the application response means 22 (a read request), the cryptographic protocol information operation unit 123 accesses the cryptographic protocol information storage unit 13 and sends the read cryptographic protocol information to the application response means 22 via the processing and communication control unit 125.

The security setting information operation unit 124 reads security setting information from and writes it to the security setting information storage unit 14. In response to a request for access to the security setting information storage unit 14 from the application response means 22 (a read request), the security setting information operation unit 124 accesses the security setting information storage unit 14 and sends the read security setting information to the application response means 22 via the processing and communication control unit 125.

<Variation 1 of Database Control Means>

FIG. 4 illustrates a variation of the database control means 12 in FIG. 3. Referring to FIG. 4, the cryptographic protocol information and the security setting information are stored in the database 11, as a cryptographic protocol information table 111 and a security setting information table 112. By issuing a database operation command (for example, a SQL command specifying the table name of the cryptographic protocol information table) to the database operation unit 121, the cryptographic protocol information operation unit 123 in FIG. 4 accesses information in the cryptographic protocol information table 111 in the database 11. Likewise, the security setting information operation unit 124 accesses information in the security setting information table 112 in the database 11 via the database operation unit 121.

<Variation 2 of Database Control Means>

FIG. 26 illustrates still another configuration of the database control means 12 in FIG. 1. Referring to FIG. 26, the database control means 12 includes the database operation unit 121, the cryptographic protocol processing execution unit 122, the processing and communication control unit 125, the cryptographic protocol information operation unit 123, the security setting information operation unit 124, and an encryption calculation unit 126. FIG. 26 differs from FIG. 3 in that the database control means 12 includes the encryption calculation unit 126. Since the database operation unit 121, the cryptographic protocol processing execution unit 122, the processing and communication control unit 125, the cryptographic protocol information operation unit 123, and the security setting information operation unit 124 are the same as those in FIG. 3, description thereof will be omitted.

If the encryption algorithm is a public key encryption, the application response means 22 sends the public key used for encryption to the database control means 12, and the encryption calculation unit 126 in the database control means 12 executes the encryption. For example, with the configuration in FIG. 3, when data stored in the database 11 needs to be encrypted and stored, the encryption target data needs to be sent from the database system 10 to the user system 20, encrypted by the user system 20, and sent back from the user system 20 to the database system 10. With the configuration in FIG. 26, since there is no need to transmit the encryption target data from the database system 10 to the user system 20, a reduction in the amount of communication between the database system 10 and the user system 20 is expected.

<Variation 3 of Database Control Means>

FIG. 27 illustrates still another configuration of the database control means 12 in FIG. 1. Referring to FIG. 27, in the present exemplary embodiment, based on the configuration in FIG. 26, the cryptographic protocol information table 111 and the security setting information table 112 are included in the database 11 as in the configuration in FIG. 4. Since the encryption calculation unit 126 is the same as that in FIG. 26, description thereof will be omitted.

<Example of Cryptographic Protocol Information Storage Unit>

FIG. 5 illustrates the cryptographic protocol information storage unit 13 in FIG. 1. In FIG. 5, each processing content identifier is information determining the processing content of a database operation. Database operation determination codes such as “Simple-Search” (simple matching with a specified character string) and “Addition” are set in FIG. 5, but the codes are not limited thereto.

Each confidentiality level represents a data security (confidentiality) level. While the present invention is not particularly limited to FIG. 5, in this example, “High”, “Middle”, or “Low” is set for each entry. Each confidentiality level may be represented by a number.

Each encryption algorithm identifier represents an encryption algorithm used for data encryption. An executable cryptographic protocol identifier is stored for each corresponding combination of processing content identifier, confidentiality level, and encryption algorithm identifier.

If “Simple-Search” processing is executed on data encrypted with the confidentiality level “Middle” and the encryption algorithm “SE1”, the cryptographic protocol processing execution unit 122 in the database control means 12 executes the cryptographic protocol “SE1_SS_M” in the third row in FIG. 5. “SS” represents “Simple-Search” (simple match) and “M” represents the confidentiality level “Middle”.

The cryptographic protocol information operation unit 123 reads a cryptographic protocol identifier from the cryptographic protocol information storage unit 13 and decodes the corresponding processing content identifier, confidentiality level, and encryption algorithm identifier. In this way, the processing content, confidentiality level, and encryption algorithm corresponding to the data are derived.

“AES (Advanced Encryption Standard)” is a symmetric-key cryptosystem standardized in the U.S. as a new standard. “HE1” represents a homomorphic encryption (HE) (in this case, the Paillier cryptosystem, an additive homomorphic encryption). “SE1” represents a public-key searchable encryption (SE).

Referring to FIG. 5, even when the processing content is the same processing content “Addition”, the encryption algorithm AES, which is not a homomorphic encryption (addition cannot be executed on ciphertext), may be set. In such a case, the corresponding ciphertext in the database 11 is sent to the application response means 22, and the application response means 22 causes the key utilization means 23 to decrypt the encrypted data with the encryption algorithm AES and executes the addition operation on the plaintext data.
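The routing that the application response means 22 performs in steps 2 to 5 and 9 to 10 of FIG. 2A, driven by the protocol table of FIG. 5 and the security settings of FIG. 6, as an added example that is not the patent's own code. Only the entries the text spells out (the SE1_SS_M row, the first FIG. 6 row, and AES having no ciphertext protocol for Addition) are taken from the page; the other protocol identifiers, security setting rows and the ciphertext metadata placeholder are constructed.

```python
"""Routing by the application response means 22 (FIG. 2A, steps 2-5, 9-10).

Added example. Decides, per (processing content, table, column), whether a
request goes to the database as a plain operation, as a cryptographic
protocol executed on ciphertext, or as a ciphertext fetch finished on the
user side after decryption (the AES + Addition case of FIG. 5)."""
from __future__ import annotations

from dataclasses import dataclass

# Cryptographic protocol information storage unit 13 (FIG. 5):
# (processing content, confidentiality level, algorithm) -> protocol identifier.
# None records that the algorithm cannot execute that processing on ciphertext.
PROTOCOL_TABLE: dict[tuple[str, str, str], str | None] = {
    ("Simple-Search", "Middle", "SE1"): "SE1_SS_M",  # third row, given in the text
    ("Simple-Search", "High", "SE1"): "SE1_SS_H",    # constructed
    ("Addition", "Middle", "HE1"): "HE1_ADD_M",      # constructed (Paillier)
    ("Addition", "Middle", "AES"): None,             # AES is not homomorphic
    ("Addition", "Low", "AES"): None,
}


@dataclass(frozen=True)
class SecuritySetting:
    """One entry of the security setting information storage unit 14 (FIG. 6)."""
    table: str
    table_name_encrypted: bool
    column: str
    column_name_encrypted: bool
    data_encrypted: bool
    confidentiality: str | None   # None when the column data is not encrypted
    algorithm: str | None


SECURITY_SETTINGS = [
    # first row of FIG. 6 as described in the text
    SecuritySetting("Employee Table", False, "Work Location", False, True, "Middle", "SE1"),
    # remaining rows are constructed for this example
    SecuritySetting("Employee Table", False, "Salary", False, True, "Middle", "HE1"),
    SecuritySetting("Employee Table", False, "Position", True, True, "Low", "AES"),
    SecuritySetting("Employee Table", False, "Employee No", False, False, None, None),
]

# Security setting information temporary storage unit 25 on the user side:
# plaintext metadata -> ciphertext metadata (constructed placeholder values).
TABLE_NAME_MAP: dict[str, str] = {}
COLUMN_NAME_MAP = {("Employee Table", "Position"): "ENC_COLNAME_1"}


@dataclass(frozen=True)
class Route:
    kind: str                    # "plain" | "protocol" | "client_side"
    table: str                   # table name as sent to the database control means
    column: str                  # column name as sent (ciphertext form if encrypted)
    protocol: str | None = None  # cryptographic protocol identifier, if any
    reason: str = ""


def lookup_setting(table: str, column: str) -> SecuritySetting:
    for s in SECURITY_SETTINGS:
        if s.table == table and s.column == column:
            return s
    raise KeyError(f"no security setting for {table}.{column}")


def route(processing: str, table: str, column: str) -> Route:
    """Decide how one request is executed; processing is a FIG. 5 content code."""
    s = lookup_setting(table, column)
    # Steps 2-3: replace encrypted metadata by the ciphertext form held in unit 25.
    tbl = TABLE_NAME_MAP.get(table, table) if s.table_name_encrypted else table
    col = COLUMN_NAME_MAP.get((table, column), column) if s.column_name_encrypted else column
    # Steps 4-5: unencrypted column data -> normal database operation, no protocol.
    if not s.data_encrypted:
        return Route("plain", tbl, col, reason="column data not encrypted")
    # Steps 9-10: select the protocol for (processing, confidentiality, algorithm).
    key = (processing, s.confidentiality, s.algorithm)
    if key not in PROTOCOL_TABLE:
        raise KeyError(f"no cryptographic protocol entry for {key}")
    protocol = PROTOCOL_TABLE[key]
    if protocol is None:
        # No ciphertext protocol exists: fetch the ciphertext as is and let the
        # key utilization means decrypt it before computing on the user side.
        return Route("client_side", tbl, col,
                     reason=f"{s.algorithm} cannot execute {processing} on ciphertext")
    return Route("protocol", tbl, col, protocol)


if __name__ == "__main__":
    for req in [("Simple-Search", "Employee Table", "Work Location"),
                ("Addition", "Employee Table", "Salary"),
                ("Addition", "Employee Table", "Position"),
                ("Simple-Search", "Employee Table", "Employee No")]:
        print(req, "->", route(*req))
```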

<Example of Security Setting Information Storage Unit>

FIG. 6 illustrates the security setting information storage unit 14 in FIG. 1. Referring to FIG. 6, the security setting information storage unit 14 includes a column indicating whether the table name is encrypted (encryption or non-encryption of the table name), a column name, a column indicating whether the column name is encrypted (encryption or non-encryption of each column name), a column indicating whether the column data is encrypted (encryption or non-encryption of the column data), a column indicating the confidentiality level of the column data, and a column indicating the identifier of the encryption algorithm used for encrypting the column data (column data encryption algorithm identifier).

In the security setting information storage unit 14 in FIG. 6, for example, in the first row, the table name “Employee Table” is not encrypted, the column name “Work Location” is not encrypted, the column data is encrypted, “Middle” is set as the confidentiality level of the column data, and “SE1” is set as the encryption algorithm identifier. In the fourth row, the table name is encrypted and the column name and the column data are not encrypted (NULL is set in the corresponding entries). In addition, in the fifth row, the table name is not encrypted, the column name is encrypted, and the column data is not encrypted.

Metadata such as table and column names may be encrypted by the same encryption algorithm as that used for encrypting the corresponding column data. Such a table name, column name, and column data encrypted by the same encryption algorithm are associated with each other and form a single entry in the security setting information storage unit 14. Alternatively, the encryption algorithm used for encrypting table and column names may differ from that used for encrypting the corresponding column data. Alternatively, a certain encryption algorithm may commonly be set for a plurality of table and column names.

For example, the security setting information storage unit 14 stores security setting information about all the tables registered in the database 11. The setting content in each entry is based on information set by a user (or users) via the security setting means 26 in the user system 20.

<Examples of Tables in Database>

FIG. 7 illustrates table information in the database 11. As illustrated in FIG. 6 above, there are cases where data is encrypted by a plurality of encryption algorithms. For example, two entries include the same column name “Work Location”. Thus, the ciphertext itself, encrypted by a plurality of encryption algorithms, is managed by another table.

In the ciphertext table information table in FIG. 7B, the name of a ciphertext table, which is a table storing the ciphertext main body (a ciphertext table name), an encryption algorithm, and a parameter (a parameter allocated to the encryption algorithm) are associated with a table name, a column name, and an encryption algorithm. Such associated information is stored in the ciphertext table information table.

As an encryption algorithm parameter, in the case of the encryption algorithm SE1 (a public-key searchable encryption) in FIG. 7B, there is a security parameter used for the key generation algorithm (which outputs a public key and a secret key). As a parameter of the encryption algorithm AES, for example, there is a key length, a plaintext block length, a round number, or the like (no AES parameter is set in FIG. 7B; in such a case, a default value is used).

Regarding the table name “Employee Table” in the first row in theciphertext table information table in FIG. 7B,

the column name is “Work Location”,

the encryption algorithm is “AES”, and

the parameter is “Null” (N/A), and

the ciphertext table name is “Encrypted Text_AES_1”.

Regarding the table name “Employee Table” in the second row in theciphertext table information table in FIG. 7B,

the column name is “Work Location”,

the encryption algorithm is “SE1”,

the parameter is “0x16a . . . ” (0x represents hexadecimal display), and

the ciphertext table name is “Encrypted Text_SE1_1”. The ciphertext tables named “Encrypted Text_AES_1” and “Encrypted Text_SE1_1” are shown in FIG. 7D and FIG. 7F, respectively.

In the table in which the plaintext data was stored before encryption (the employee table in FIG. 7A), the entries under an encrypted column are replaced with serial numbers in plaintext. Serial numbers such as 1, 2, and so on are allocated to the data “Headquarters”, “Tamagawa”, and the like in the entries under the column “Work Location” of the table “Employee Table” in FIG. 7A.

In addition, as illustrated in FIG. 7C, in the employee table afterencryption, the column name “Position” is encrypted to “0xa638 . . . ”and serial numbers 1, 2, and so on in entries under the column name“Work Location” and the column name “0xa638 . . . ” correspond to IDsspecifying the respective encrypted contents.

In the “Encrypted Text_AES_1 Table” in FIG. 7D, encrypted by the encryption algorithm AES, the ciphertext “0x3d8 . . .” and “0x962 . . .” corresponding to ID=1 and ID=2, respectively, is the encrypted data of the entries with serial number IDs 1 and 2 under the column “Work Location” in FIG. 7C (the encrypted data of “Headquarters” and “Tamagawa” in FIG. 7A).

In the “Encrypted Text_AES_2 Table” in FIG. 7E, encrypted by the encryption algorithm AES, the ciphertext “0x61b . . .” and “0xa53 . . .” corresponding to ID=1 and ID=2, respectively, is the encrypted data of the entries with serial number IDs 1 and 2 under the column “0xa638 . . .” in FIG. 7C, obtained by encrypting the column name “Position” (the encrypted data of “Section Chief” and “Chief” in FIG. 7A).

In the “Encrypted Text_SE1_1 Table” in FIG. 7F, encrypted by the encryption algorithm SE1, the ciphertext “0x8ec . . .” and “0xA7c0 . . .” corresponding to ID=1 and ID=2, respectively, is the encrypted data of the entries with serial number IDs 1 and 2 under the column “Work Location” in FIG. 7C, the column that the second row of FIG. 7B assigns to SE1 (the data “Headquarters” and “Tamagawa” in FIG. 7A encrypted by SE1).

As described above, regarding the data “Headquarters”, “Tamagawa”, andso on under the column name “Work Location” in the employee table inFIG. 7A, serial number IDs 1, 2, and so on are allocated to therespective entries under the column “Work Location” after encryption, asillustrated in FIG. 7C. Each ciphertext table storing encrypted data isstored in the database 11 in format as illustrated in FIGS. 7D to 7F,for example. Namely, each ciphertext table is stored so that serialnumber IDs 1, 2, and so on are associated with the respectiveciphertext.

Thus, according to the present exemplary embodiment, information fordetermining a table storing ciphertext itself and encryption algorithmparameters are managed in the ciphertext table information table (FIG.7B). The ciphertext table information table (FIG. 7B) may be stored inthe security setting information storage unit 14. Alternatively, theciphertext table information table may be managed in a storage unitdifferent from the security setting information storage unit 14.
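The layout of FIGS. 7A to 7F, worked through in code as an added example (this is not code from the patent): a plaintext column is encrypted under one or more algorithms, each result goes into its own ciphertext table keyed by serial ID, the ciphertext table information table records which ciphertext table belongs to which (table, column, algorithm), and the original column is replaced by the serial IDs. The class, function and field names are this example's own; the two ciphers are standard-library stand-ins (a randomised XOR construction in place of AES, an HMAC token in place of SE1) chosen only so that the example runs offline; the employee rows are constructed, and the third row is added to show a repeated value.

```python
import hashlib
import hmac
import os


def se1_stand_in(key: bytes, plaintext: str) -> bytes:
    """Deterministic keyed token standing in for SE1. Equal plaintexts give
    equal tokens, which is what lets the server answer an equality search on
    ciphertext; it is not a real searchable-encryption scheme."""
    return hmac.new(key, plaintext.encode("utf-8"), hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, block = b"", nonce
    while len(out) < length:
        block = hashlib.sha256(key + block).digest()
        out += block
    return out[:length]


def aes_stand_in(key: bytes, plaintext: str) -> bytes:
    """Randomised placeholder for the AES entry (nonce || plaintext XOR a
    hash-derived keystream). Not AES; it only lets the example run without
    third-party packages. Equal plaintexts give different ciphertexts."""
    nonce, pt = os.urandom(16), plaintext.encode("utf-8")
    return nonce + bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))


def aes_stand_in_decrypt(key: bytes, ciphertext: bytes) -> str:
    nonce, body = ciphertext[:16], ciphertext[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))).decode("utf-8")


ENCRYPT = {"AES": aes_stand_in, "SE1": se1_stand_in}


class CiphertextStore:
    """Server-side layout of FIG. 7: the application table whose encrypted
    columns hold serial IDs (FIG. 7C), one ciphertext table per (table,
    column, algorithm) (FIGS. 7D to 7F) and the ciphertext table information
    table (FIG. 7B). Field names are this example's own."""

    def __init__(self, tables):
        self.tables = tables            # table name -> list of row dicts
        self.ciphertext_tables = {}     # ciphertext table name -> {serial ID: ciphertext}
        self.info = []                  # rows of FIG. 7B
        self._suffix = {}               # per-algorithm counter for ciphertext table names

    def encrypt_column(self, table, column, algorithms):
        """Encrypt one plaintext column under every (algorithm, key, parameter)
        given, create a ciphertext table per algorithm, register each in the
        information table and replace the plaintext with serial IDs."""
        rows = self.tables[table]
        plaintexts = [(serial, row[column]) for serial, row in enumerate(rows, start=1)]
        for algorithm, key, parameter in algorithms:
            n = self._suffix[algorithm] = self._suffix.get(algorithm, 0) + 1
            name = f"Encrypted Text_{algorithm}_{n}"
            self.ciphertext_tables[name] = {serial: ENCRYPT[algorithm](key, value)
                                            for serial, value in plaintexts}
            self.info.append({"table": table, "column": column, "algorithm": algorithm,
                              "parameter": parameter, "ciphertext_table": name})
        for serial, row in enumerate(rows, start=1):
            row[column] = serial

    def ciphertext_table(self, table, column, algorithm):
        for e in self.info:
            if (e["table"], e["column"], e["algorithm"]) == (table, column, algorithm):
                return self.ciphertext_tables[e["ciphertext_table"]]
        raise KeyError((table, column, algorithm))

    def search_equal(self, table, column, token):
        """Server side of an equality search: the client sends an SE1 token and
        gets back the serial IDs whose stored SE1 ciphertext matches."""
        stored = self.ciphertext_table(table, column, "SE1")
        return sorted(i for i, ct in stored.items() if hmac.compare_digest(ct, token))


def demo():
    # Constructed rows in the shape of FIG. 7A (third row added to show a repeated value).
    store = CiphertextStore({"Employee Table": [
        {"Work Location": "Headquarters", "Position": "Section Chief"},
        {"Work Location": "Tamagawa", "Position": "Chief"},
        {"Work Location": "Tamagawa", "Position": "Chief"},
    ]})
    aes_key, se1_key = os.urandom(32), os.urandom(32)
    # "Work Location" gets both algorithms (two rows in FIG. 7B); the SE1 parameter is a placeholder.
    store.encrypt_column("Employee Table", "Work Location",
                         [("AES", aes_key, None), ("SE1", se1_key, "security parameter")])
    store.encrypt_column("Employee Table", "Position", [("AES", aes_key, None)])
    # Client side: find the rows for "Tamagawa" via SE1, then decrypt the AES copies.
    hits = store.search_equal("Employee Table", "Work Location", se1_stand_in(se1_key, "Tamagawa"))
    aes_table = store.ciphertext_table("Employee Table", "Work Location", "AES")
    return store, hits, [aes_stand_in_decrypt(aes_key, aes_table[i]) for i in hits]


if __name__ == "__main__":
    store, hits, values = demo()
    print([e["ciphertext_table"] for e in store.info], hits, values)
```

The search at the end shows why one column can carry two rows in FIG. 7B: the deterministic SE1 copy lets the server find matching serial IDs without any key, while the randomised AES copy, indexed by the same IDs, is what the client decrypts. With only the deterministic copy, every row holding the same plaintext would share one ciphertext, which is exactly the frequency information the randomised cipher hides.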

<Configuration Example of Application Response Means>

FIG. 8 illustrates configurations of the application response means 22,the security setting means 26, and the key utilization means 23 inFIG. 1. Referring to FIG. 8, the application response means 22 includesa processing and communication control unit 221, a cryptographicprotocol processing execution unit 222, a database operation conversionprocessing unit 223, an encryption calculation unit 224, and a securitysetting information operation unit 225.

The security setting means 26 includes a setting display unit 261 and asetting input unit 262. The setting display unit 261 and the settinginput unit 262 output and input information to the input/outputapparatus 27 in FIG. 1, respectively. More specifically, an operationscreen (menu) is displayed on a display apparatus of the input/outputapparatus 27 so that the user can select or input information on themenu, for example.

The key utilization means 23 includes an encryption calculation unit 231and a key information management unit 232.

For example, the processing and communication control unit 221communicates with the database utilization application 21, the securitysetting means 26, the key utilization means 23, and the database controlmeans 12 in the database system 10 and controls each unit in theapplication response means 22.

For example, the encryption calculation unit 224 executes encryptioncalculation using information that is not secret among the keyinformation, such as encryption calculation using public key encryption.

In response to a database operation command inputted from the databaseutilization application 21, for example, based on the confidentialitylevel of the operation target data, the database operation conversionprocessing unit 223 determines whether to execute cryptographic protocolprocessing or a normal database operation. If encryption is needed, thedatabase operation conversion processing unit 223 executes cryptographicprotocol conversion processing (corresponding to steps 4 and 9 in FIG.2A).

The database operation conversion processing unit 223 converts aprocessing result obtained through cryptographic protocol processing ora normal database operation from the database control means 12 into aprocessing result corresponding to the normal database operation commandinputted (corresponding to steps 7, 8, and 13 in FIG. 2A).

The cryptographic protocol processing execution unit 222 executescryptographic protocol processing such as search, addition, ormultiplication that can be executed on ciphertext in the databasecontrol means 12 that accesses the database 11, based on processingcontent, by communicating with the database control means 12(corresponding to step 11 in FIG. 2A).

The security setting information operation unit 225 gets information(including information about encryption or non-encryption of metadata,for example) stored in the security setting information storage unit 14in the database system 10 via the processing and communication controlunit 221 and creates auxiliary information for determining operationtarget data. The security setting information operation unit 225 readsand writes information from and in the security setting informationtemporary storage unit 25.

By storing (caching) information, which is stored in the securitysetting information storage unit 14 in the database system 10, in thesecurity setting information temporary storage unit 25 in the usersystem 20, the number of queries (traffic) sent from the applicationresponse means 22 to the database system 10 is reduced and processing bythe application response means 22 in the user system 20 is executed morequickly.

The setting display unit 261 in the security setting means 26displays/outputs security setting information such as confidentialityinformation set to data stored in the database 11 to the outputapparatus (27 in FIG. 1) via the application response means 22. Thesetting input unit 262 receives input information about dataconfidentiality information from the user via the input apparatus 27 andreflects the inputted setting information on the security settinginformation temporary storage unit 25 and on the security settinginformation storage unit 14 in the database system 10 via theapplication response means 22. In this operation, the inputted settinginformation may simultaneously be written in the security settinginformation temporary storage unit 25 and in the security settinginformation storage unit 14. Alternatively, the inputted settinginformation may be written only in the security setting informationtemporary storage unit 25 first and in the security setting informationstorage unit 14 next.

The encryption calculation unit 231 in the key utilization means 23executes encryption calculation such as processing for decryptingciphertext by using key information (secret key) read via the keyinformation management unit 232.

The key information management unit 232 reads key informationcorresponding to the database operation target data and security settinginformation about the data from the key information storage unit 24after authentication by a user who is an owner of the key information(for example, a user of the database utilization application 21 or asystem manager on the user system). The key information management unit232 writes key information in the key information storage unit 24.

<Example of Security Setting Information Temporary Storage Unit>

FIG. 9 schematically illustrates an example of content in the securitysetting information temporary storage unit 25 in the user system 20 inFIG. 1. The security setting information temporary storage unit 25includes entries for “Decrypted Table Name” and “Decrypted Column Name”as auxiliary information for determining the database operation target,in addition to the content of the security setting information storageunit 14 in the database system 10 in FIG. 6. The other information isthe same as that in the security setting information storage unit 14 inFIG. 6.

For example, FIG. 9 includes a table name “Employee Table” having anencrypted column name “0xa638 . . . ”. It is seen that the correspondingdecrypted plain-text column name is “Position” from the correspondingentry under the column “Decrypted Column Name”. This represents acorrespondence relationship between the column “Position” in the table“Employee Table” in FIG. 7A and the encrypted column name “0xa638 . . .” in FIG. 7C.

In FIG. 9, for example, to execute a database query for referring to atable name “XX Table” in the database 11, it is necessary to refer toencrypted table name “0x30c8a4 . . . ” in the database 11.

If a database operation command inputted from the database utilization application 21 includes the table name “XX Table” (for example, the SQL command SELECT column name FROM “XX Table”), the security setting information operation unit 225 extracts the encrypted table name “0x30c8a4 . . .” corresponding to “XX Table” from the security setting information temporary storage unit 25 and sends a database operation command relating to the encrypted table name “0x30c8a4 . . .” (SELECT column name FROM “0x30c8a4 . . .”) to the database control means 12 via the cryptographic protocol processing execution unit 222 and the processing and communication control unit 221.
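The rewrite described above, as an added example in Python (not the patent's code): a single-table SELECT naming plaintext table and column names is rewritten against a cache in the shape of FIG. 9 so that it references the names actually held in the database 11. The cache contents, the field names and the hexadecimal names are constructed for this example, and the rewriter deliberately handles only the simple statement shape shown.

```python
import re

# Constructed cache in the shape of FIG. 9 (security setting information
# temporary storage unit 25). Field names and hex values are this example's own.
CACHE = [
    {"table": "0x30c8a4f7e2", "table_encrypted": True, "decrypted_table": "XX Table",
     "column": "0xa638c1d9", "column_encrypted": True, "decrypted_column": "Position"},
    {"table": "0x30c8a4f7e2", "table_encrypted": True, "decrypted_table": "XX Table",
     "column": "Work Location", "column_encrypted": False, "decrypted_column": None},
    {"table": "Employee Table", "table_encrypted": False, "decrypted_table": None,
     "column": "0x5e19bb40", "column_encrypted": True, "decrypted_column": "Position"},
]

# One token: a double-quoted identifier ("" escapes a quote), a bare identifier,
# or a single-quoted string literal (matched only so that it is left untouched).
TOKEN = re.compile(r'"(?:[^"]|"")+"' r"|[A-Za-z_]\w*" r"|'(?:[^']|'')*'")


def quote_ident(name: str) -> str:
    """Encrypted names such as 0x30c8... begin with a digit and are not valid
    bare SQL identifiers, so every rewritten name is emitted quoted."""
    return '"' + name.replace('"', '""') + '"'


def unquote_ident(token: str) -> str:
    return token[1:-1].replace('""', '"') if token.startswith('"') else token


def plain_name(entry, kind):
    """Plaintext name of a table/column entry, from the 'Decrypted ... Name'
    field when the name is encrypted, otherwise the name itself."""
    return entry[f"decrypted_{kind}"] if entry[f"{kind}_encrypted"] else entry[kind]


def rewrite_select(sql: str, cache=CACHE) -> str:
    """Rewrite plaintext table/column names in a single-table SELECT to the
    names stored in the database. Covers only this statement shape; a
    production rewriter needs a real SQL parser."""
    m = re.search(r"\bFROM\s+(" + TOKEN.pattern + r")", sql, re.IGNORECASE)
    if m is None:
        raise ValueError("expected SELECT ... FROM <table>")
    table = unquote_ident(m.group(1))
    entries = [e for e in cache if plain_name(e, "table") == table]
    if not entries:
        # Fail closed: an unknown table means the cache is stale, not that the
        # name is unencrypted.
        raise KeyError(f"table {table!r} not in security setting cache")
    columns = {plain_name(e, "column"): e["column"] for e in entries if e["column_encrypted"]}

    def repl(match):
        tok = match.group(0)
        if tok.startswith("'"):
            return tok                     # string literal, never an identifier
        name = unquote_ident(tok)
        return quote_ident(columns[name]) if name in columns else tok

    head = TOKEN.sub(repl, sql[:m.start(1)])
    tail = TOKEN.sub(repl, sql[m.end(1):])
    return head + quote_ident(entries[0]["table"]) + tail


if __name__ == "__main__":
    print(rewrite_select('SELECT "Position", "Work Location" FROM "XX Table" WHERE "Position" = \'Chief\''))
```

Three points the rewrite has to get right in practice: encrypted names are emitted as quoted identifiers, because a bare identifier may not begin with a digit and unquoted identifiers are case-folded by most DBMSs, which would break the exact match back to the cache; string literals are left alone even when they happen to equal a column name; and an unknown table is an error rather than a pass-through, so a stale cache cannot silently send a plaintext name to the server. The encrypted name also has to fit the server's identifier length limit (63 bytes in PostgreSQL, for example), which bounds how much ciphertext can be carried in a name.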

<Example of Key Information Storage Unit>

FIG. 10 illustrates the key information storage unit 24. The key information storage unit 24 includes encryption algorithm identifiers and key information. In FIG. 10, the key information used for encrypting and decrypting data with the encryption algorithm “AES” is “0x51a4 . . .”. In addition, the key information used for the encryption algorithm HE1, a public key encryption, is “0xb316 . . .”. The key information includes public key information used for encryption and homomorphic operation processing and secret key information used for decryption.

<Processing of Security Setting Means>

Hereinafter, a processing procedure executed via the security settingmeans 26 described with reference to FIGS. 1 and 8 will be described indetail. The security setting means 26 in the user system 20 setssecurity information about data in the database 11.

FIG. 11 is a flowchart illustrating a processing procedure executed viathe security setting means 26. For example, an existing application maybe used as the database utilization application 21. In the presentexemplary embodiment, to avoid modification of an existing application,processing for setting a confidentiality level or the like to data isrealized by inputting a confidentiality level via the security settingmeans 26. A processing flow executed via the security setting means 26will be described with reference to FIG. 11.

Step 1. Getting Security Setting Information:

The application response means 22 is requested to acquire currentsecurity setting information about the database 11. The applicationresponse means 22 refers to the security setting information storageunit 14 in the database system 10 or to the security setting informationtemporary storage unit 25 in the user system 20, gets security settinginformation corresponding to the database operation target data or thelike, and sends the security setting information to the security settingmeans 26.

When the security setting information (see FIG. 6) from the securitysetting information storage unit 14 is obtained, the applicationresponse means 22 creates and sends the data format of the securitysetting information temporary storage unit 25 (see FIG. 9). Namely, inthe security setting information (see FIG. 6) obtained from the securitysetting information storage unit 14, if encryption of metadata (tableand column names) is “Applied”, the application response means 22decrypts the encrypted metadata by using the key utilization means 23,creates plaintext metadata, and sends the created plaintext metadata tothe security setting means 26. Alternatively, in the security settinginformation (see FIG. 9) obtained from the security setting informationtemporary storage unit 25, if encryption of metadata (table and columnnames) is “Applied”, the application response means 22 sends informationunder the columns “Decrypted Table Name” and “Decrypted Column Name”(plaintext metadata) to the security setting means 26.

Regarding the acquisition of the security setting information in step 1,information about table names or about certain tables may be obtainedand displayed selectively (partially) or gradually, instead of theentire information in the database 11.

Step 2. Displaying Security Setting Information:

The setting display unit 261 in the security setting means 26 causes theinput/output apparatus 27 to display the security setting informationsent from the application response means 22.

Step 3. Inputting Setting Target and Setting Content:

The setting input unit 262 in the security setting means 26 receives asetting target (for example, table and column names) and setting content(for example, application of encryption of table and column names andthe confidentiality level of column data) inputted by the database uservia the input/output apparatus 27.

Step 4. Setting Update Process:

The setting input unit 262 in the security setting means 26 sends theinputted setting target and content to the application response means 22to request change (update) of the setting. The security settinginformation operation unit 124 in the database control means 12 and thesecurity setting information operation unit 225 in the applicationresponse means 22 write the change of the security setting in thesecurity setting information storage unit 14 and the security settinginformation temporary storage unit 25, respectively.

If a new table is created in the database 11, the user may set in advance the timing at which the processing procedure of the security setting means 26 illustrated in FIG. 11 is executed, before the database utilization application 21 issues a table creation command. Alternatively, when the database utilization application 21 issues a table creation command and the corresponding table name or the like is not registered in the security setting information storage unit 14 or the security setting information temporary storage unit 25, the security setting means 26 may display a screen requesting the user to input information about the table name, the column names, encryption or non-encryption of the table and column names, the confidentiality level of the column data, etc. If the user changes the security setting of a table or the like already created in the database 11, the security setting is changed via the security setting means 26. In such a case, use of a GUI (Graphical User Interface) is optional; for example, the security setting means 26 may cause the input/output apparatus 27 to select and execute a table list display command or the like from an operation menu, so as to display a list of some or all of the table names on the screen (if a table name is encrypted, the decrypted table name in the security setting information temporary storage unit 25 is referred to, so that the table name is displayed in plaintext). By requesting the user to select the relevant table and setting operation, the corresponding setting information can be updated.

<Setting Update Processing (Change of Encryption to “Applied”)>

FIG. 12 is a flowchart illustrating detailed processing of the settingupdate processing in step 4 in FIG. 11. FIG. 12 illustrates processingfor setting encryption of metadata (a table name and/or a column name)to “Applied”. The following description will be made assuming thatencryption of target metadata (a table name and/or a column name) hasalready been set to “NULL” in the security setting information storageunit 14 and the security setting information temporary storage unit 25.

Step 0:

The security setting means 26 receives setting target metadata (a tablename and/or a column name) and setting content (encryption “Applied”)from the input/output apparatus 27.

Step 1. Creating ciphertext of target metadata:

Upon reception of a setting update request from the security settingmeans 26, the application response means 22 uses the key utilizationmeans 23 to create ciphertext of the setting target metadata (a tablename and/or a column name). The application response means 22 refers tothe security setting information temporary storage unit 25 or thesecurity setting information storage unit 14 and gets encryptionalgorithm information corresponding to the metadata. In addition, theapplication response means 22 causes the encryption calculation unit 231to encrypt the metadata (a table name and/or a column name) and createsciphertext metadata.

Step 2. Changing plaintext metadata in database to ciphertext metadata:

Upon reception of a setting change instruction from the security setting means 26, the application response means 22 requests the database control means 12 to replace the setting target metadata in the database 11 with the encrypted metadata created in the above step 1. The database control means 12 replaces the plaintext metadata in the database 11 with the encrypted metadata. Since the following examples are implementation-specific operations, the present invention is not particularly limited thereto. For example, when a table name is changed to ciphertext, the application response means 22 may use the following SQL command:

ALTER TABLE <table name before change> RENAME TO <table name after change>

A SQL statement including the ciphertext table name as the table name after change may be automatically generated and issued to the database operation unit 121 (FIG. 4) in the database control means 12. When a column name is changed to ciphertext, for example, the following SQL command may be used:

ALTER TABLE <table name> RENAME COLUMN <column name before change> TO <column name after change>

A SQL statement including the encrypted column name as the column name after change may be automatically generated by the application response means 22 and issued to the database operation unit 121 (FIG. 4). Since a ciphertext name is generally not a valid bare SQL identifier (it may begin with a digit, as in “0x30c8a4 . . .”), it is written as a quoted identifier in the generated statement; the RENAME COLUMN form itself also differs between SQL dialects.

Step 3. Changing security setting information:

The application response means 22 causes the security settinginformation storage unit 14 (see FIG. 6) to replace the plaintext tableor column name as the setting target with the ciphertext table name orthe encrypted data column name via the database control means 12. Inaddition, the application response means 22 requests the securitysetting information operation unit 124 in the database control means 12to change “Encryption of Table Name” and “Encryption of Column Name” to“Applied”. In this way, the security setting information in the securitysetting information storage unit 14 is changed. In addition, thecorresponding table and column names in the ciphertext table informationtable (FIG. 7B) are replaced with the ciphertext table and column names.

Step 4. Changing security setting information temporary storage unit:

The security setting information operation unit 225 in the applicationresponse means 22 refers to the security setting information temporarystorage unit 25 (see FIG. 9) and writes the original plaintext tablename or column name as the setting target in the corresponding entryunder “Decrypted Table Name” or “Decrypted Column Name”. The table nameor the column name is replaced with the ciphertext table name or theencrypted data column name, and the corresponding entry under“Encryption of Table Name” or “Encryption of Column Name” is changed to“Applied”.

Step 5. Sending information representing completion of change:

The application response means 22 sends information representingcompletion of the change of the setting (setting update processing) tothe security setting means 26. The security setting means 26 displaysthe information representing the completion on the input/outputapparatus 27. In such a case, the content after the change of thesetting in the security setting information temporary storage unit 25may be displayed on the screen to present the completion of the changeto the user.

The security setting means 26 may change encryption of the table name and encryption of the column name to “Applied” simultaneously or separately. Alternatively, encryption of a plurality of tables or a plurality of columns may collectively be changed to “Applied”. In such a case, the above steps 1 to 4 are executed for each of the tables/columns.

<Setting Update Process (Change of Encryption to “NULL”)>

Next, processing for changing to encryption “NULL” will be described, asa detail processing procedure of the setting update process in step 4 inFIG. 11. FIG. 13 is a flowchart illustrating another example of thesetting update processing in step 4 in FIG. 11. FIG. 13 illustrates aprocessing procedure for changing encryption of metadata (a table nameand/or a column name) from “Applied” to “NULL”. The followingdescription will be made assuming that encryption of metadata (a tablename and/or a column name) has already been set to “Applied”.

Step 0: The security setting means 26 receives setting target metadata(a table name and/or a column name) and setting content (encryption“NULL”) from the input/output apparatus 27.

Step 1. Getting a set of metadata (plaintext and ciphertext):

Upon reception of a setting change instruction from the security settingmeans 26, the application response means 22 refers to the securitysetting information temporary storage unit 25 (see FIG. 9), getsciphertext metadata in the database 11 regarding the setting targetmetadata (a table name or a column name), and gets a correspondingplaintext table name or column name from a corresponding entry under thecolumn “Decrypted Table Name” or “Decrypted Column Name”.

Step 2. Changing ciphertext metadata in database 11 into plaintextmetadata:

The application response means 22 requests the database control means 12 to replace the encrypted metadata (a table name or a column name) with the corresponding plaintext metadata. The table name/column name in the database 11 is replaced with the plaintext table name/column name. When a table name is changed, for example, the database control means 12 may issue the following SQL command:

ALTER TABLE <table name before change> RENAME TO <table name after change>

A SQL statement including the encrypted table name as the table name before change and the plaintext table name as the table name after change may be issued to the database operation unit 121 (FIG. 4). When a column name is changed to plaintext, for example, the following SQL command may be issued:

ALTER TABLE <table name> RENAME COLUMN <column name before change> TO <column name after change>

A SQL statement including the encrypted column name as the column name before change and the plaintext column name as the column name after change may be issued to the database operation unit 121 (FIG. 4). In addition, the corresponding table and column names in the ciphertext table information table (FIG. 7B) are replaced with the plaintext table and column names.

Step 3. Changing security setting information:

The database control means 12 is requested to replace the entries under“Encrypted Text Table Name” or “Encrypted Text Column Name” in thesecurity setting information storage unit 14 (see FIG. 6) with theplaintext table or column name. In addition, a request for changinginformation under the column “Encryption of Table Name” or “Encryptionof Column Name” to “NULL” is sent. The security setting informationoperation unit 124 in the database control means 12 changes the securitysetting information.

Step 4. Changing security setting information temporary storage unit:

The security setting information operation unit 225 in the applicationresponse means 22 replaces the ciphertext table or column name with thecorresponding plaintext table or column name, changes the correspondingentry under the column “Decrypted Table Name” or “Decrypted Column Name”to “NULL”, and changes the corresponding entry under the column“Encryption of Table Name” or “Encryption of Column Name” to “NULL” inthe security setting information temporary storage unit 25 (see FIG. 9).

Step 5. Sending information representing completion of change:

The application response means 22 sends information representingcompletion of the change to the security setting means 26.

The security setting means 26 may change the corresponding entries under “Encryption of Table Name” and “Encryption of Column Name” to “NULL” simultaneously or separately. Alternatively, encryption of a plurality of tables or a plurality of columns may collectively be changed to “NULL”. In such a case, the above steps 1 to 4 are executed for each of the tables/columns.
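The two setting update procedures, FIG. 12 (encryption of metadata to “Applied”) and FIG. 13 (encryption to “NULL”), as one added example (not code from the patent): for a table or column name it produces the ALTER TABLE statement of step 2 and then applies steps 3 and 4 to the records of the storage unit 14 and the temporary storage unit 25. The keyed hex pseudonym standing in for metadata encryption, the class and its field names are this example's own, the two storage units are modelled as index-aligned lists of dicts, and the identifier length limit is an assumption about the target DBMS.

```python
import hashlib
import hmac

MAX_IDENT_BYTES = 63   # assumption about the target DBMS (PostgreSQL: NAMEDATALEN - 1)


def quote_ident(name: str) -> str:
    """Double-quote an SQL identifier. Encrypted names such as 0x30c8... begin
    with a digit and would be rejected unquoted."""
    return '"' + name.replace('"', '""') + '"'


def name_pseudonym(key: bytes, name: str) -> str:
    """Stand-in for encrypting a table or column name: a keyed, deterministic
    hex token. The patent encrypts names with a decryptable cipher; this
    example recovers the plaintext from the cache's 'Decrypted ... Name'
    entries instead, so a PRF is enough to run it."""
    return "0x" + hmac.new(key, name.encode("utf-8"), hashlib.sha256).hexdigest()[:24]


class MetadataEncryptionSetting:
    """FIG. 12 (encryption -> Applied) and FIG. 13 (encryption -> NULL) for
    table and column names. `server` stands for the security setting
    information storage unit 14 and `cache` for the temporary storage unit 25
    (FIG. 9); the lists are index-aligned. Field names are this example's own."""

    def __init__(self, columns, key: bytes):
        self.key = key
        self.server = [{"table": t, "column": c, "table_enc": False, "column_enc": False}
                       for t, c in columns]
        self.cache = [dict(e, decrypted_table=None, decrypted_column=None) for e in self.server]
        self.issued_sql = []    # statements that would go to the database operation unit 121

    @staticmethod
    def _plain(entry, kind):
        return entry[f"decrypted_{kind}"] if entry[f"{kind}_enc"] else entry[kind]

    @staticmethod
    def _check_ident(name):
        if len(name.encode("utf-8")) > MAX_IDENT_BYTES:
            raise ValueError(f"identifier too long for the DBMS: {name!r}")

    def set_table(self, plain_table, applied):
        pairs = [(s, c) for s, c in zip(self.server, self.cache)
                 if self._plain(c, "table") == plain_table]
        if not pairs:
            raise KeyError(plain_table)
        current = pairs[0][1]
        if current["table_enc"] == applied:
            return None                                   # already in the requested state
        # Step 1: the new name is ciphertext (FIG. 12) or the cached plaintext (FIG. 13).
        new = name_pseudonym(self.key, plain_table) if applied else plain_table
        self._check_ident(new)
        # Step 2: rename in the database, starting from the name the server holds now.
        self.issued_sql.append(
            f"ALTER TABLE {quote_ident(current['table'])} RENAME TO {quote_ident(new)}")
        for s, c in pairs:
            s.update(table=new, table_enc=applied)                                   # step 3
            c.update(table=new, table_enc=applied,
                     decrypted_table=plain_table if applied else None)               # step 4
        return new

    def set_column(self, plain_table, plain_column, applied):
        for s, c in zip(self.server, self.cache):
            if self._plain(c, "table") == plain_table and self._plain(c, "column") == plain_column:
                break
        else:
            raise KeyError((plain_table, plain_column))
        if c["column_enc"] == applied:
            return None
        # The pseudonym covers table + column so equal column names in different tables differ.
        new = name_pseudonym(self.key, plain_table + "." + plain_column) if applied else plain_column
        self._check_ident(new)
        # The ALTER must name the table as the server knows it now (possibly ciphertext).
        self.issued_sql.append(
            f"ALTER TABLE {quote_ident(c['table'])} RENAME COLUMN "
            f"{quote_ident(c['column'])} TO {quote_ident(new)}")
        s.update(column=new, column_enc=applied)                                     # step 3
        c.update(column=new, column_enc=applied,
                 decrypted_column=plain_column if applied else None)                 # step 4
        return new


if __name__ == "__main__":
    m = MetadataEncryptionSetting([("XX Table", "Position"), ("XX Table", "Work Location")], b"k" * 32)
    m.set_table("XX Table", True)
    m.set_column("XX Table", "Position", True)
    m.set_table("XX Table", False)
    print("\n".join(m.issued_sql))
```

Two details the SQL templates above leave implicit and the example makes explicit: a RENAME COLUMN must name the table by whatever name the server currently holds, which is the ciphertext name once the table itself has been renamed, and the generated identifier has to fit the DBMS limit, so a long ciphertext or a verbose encoding makes the rename fail rather than silently truncate. The update of the ciphertext table information table (FIG. 7B) in step 3 is omitted; it is the same name replacement applied to that table's entries.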

<Confidentiality Setting Processing>

In the present exemplary embodiment, to avoid modification of the existing database utilization application 21, an operation for setting a data confidentiality level is executed via the security setting means 26. The security setting means 26 queries the application response means 22 about the current content of the security setting information storage unit 14 and the content of the database 11. Instead of querying about all the information at once, the security setting means 26 may query partially or in a stepwise manner, for example, by querying about a list of all table names first and about the list of column names and security settings of certain tables next.

The application response means 22 reads the contents of the securitysetting information storage unit 14. If metadata is encrypted, theapplication response means 22 uses the key utilization means 23 todecrypt the encrypted metadata and sends the decrypted metadata to thesecurity setting means 26.

According to the present exemplary embodiment, processing efficiency canbe improved by using information stored in the security settinginformation temporary storage unit 25.

The application response means 22 reads the contents of the database 11via the database control means 12. If metadata (table and column names)and column data is encrypted, the application response means 22 uses thekey utilization means 23 to decrypt the metadata and the column data andsends the decrypted metadata and column data to the security settingmeans 26. The security setting means 26 displays security settinginformation and database information.

The database user specifies encryption or non-encryption of metadata andthe confidentiality level of column data (for example, one of the threelevels “Low”, “Middle”, and “High”) to the security setting means 26 viathe input/output apparatus 27.

The security setting means 26 sends the inputted confidentiality information to the application response means 22. The application response means 22 reflects the confidentiality information sent from the security setting means 26 on the security setting information temporary storage unit 25 and, via the database control means 12, on the security setting information storage unit 14 and on the contents of the database 11.

<Confidentiality Setting 1>

FIG. 14 is a flowchart illustrating a processing procedure for setting aconfidentiality level to plaintext column data stored in the database 11(for encrypting plaintext column data).

Step 0.

The application response means 22 receives a setting target table nameand column name and setting content (confidentiality) from the securitysetting means 26.

Step 1. Selecting encryption algorithm:

The application response means 22 refers to the cryptographic protocolinformation storage unit 13 (see FIG. 5), gets a list of encryptionalgorithm identifiers corresponding to the inputted confidentialitylevel (High, Middle, Low), and selects one of the encryption algorithmidentifiers. If one of the encryption algorithm identifierscorresponding to a single confidentiality level is selected from thelist, one that can achieve good processing efficiency is selected. Theapplication response means 22 may automatically select such encryptionalgorithm identifier. Alternatively, the list of encryption algorithmidentifiers may be displayed on the screen via the security settingmeans 26 and the user changing the confidentiality level may select anencryption algorithm identifier.

Step 2. Changing security setting information:

The application response means 22 requests the security settinginformation operation unit 124 in the database control means 12 tochange the corresponding entry under “Confidentiality of Column Data”corresponding to the setting target table name and column name in thesecurity setting information storage unit 14 (see FIG. 6) to theinputted confidentiality level. In addition, the application responsemeans 22 requests the security setting information operation unit 124 tochange the corresponding entry under “Column Data Encryption AlgorithmIdentifier” to the encryption algorithm identifier selected in step 1.In this way, the security setting information in the security settinginformation storage unit 14 is updated. If the setting target table nameand column name are encrypted, the application response means 22searches the decrypted table names or the decrypted column names in thesecurity setting information temporary storage unit 25 for table andcolumn names matching the plaintext table name or the plaintext columnname inputted from the security setting means 26. Next, the applicationresponse means 22 gets the corresponding ciphertext table name orciphertext column name and determines the setting-target ciphertexttable name and ciphertext column name in the security settinginformation storage unit 14 (see FIG. 6).

Step 3. Changing security setting information temporary storage unit:

The security setting information operation unit 225 in the applicationresponse means 22 causes the security setting information temporarystorage unit 25 to change the corresponding entry under “Confidentialityof Column Data” corresponding to the setting target table name andcolumn name from “Null” to the inputted confidentiality level and tochange the corresponding entry under “Column Data Encryption AlgorithmIdentifier” to the encryption algorithm identifier selected in step 1.

Step 4. Getting setting target column data:

The application response means 22 requests the database control means 12 to acquire the column data corresponding to the setting target table name and column name and gets the column data. After encryption, as described above, the column data is stored in a ciphertext table (FIG. 7) in the database 11. If the database does not include column data for the corresponding column, the operation proceeds to step 9.

Step 5. Encrypting column data and creating serial numbers, plaintext,and ciphertext:

The application response means 22 sends the obtained column data(plaintext column data) and the encryption algorithm identifier selectedin step 1 to the key utilization means 23 and requests the keyutilization means 23 to encrypt the column data. The applicationresponse means 22 allocates serial numbers to the obtained ciphertextcolumn data and creates a list including a set of

[serial number, plaintext column data, ciphertext column data].

Step 6. Creating ciphertext table:

The application response means 22 requests the database control means 12to create a table storing a list including a set of [serial number,ciphertext column data] created in step 5 and creates a ciphertext tablein the database 11 (the ciphertext table name is ciphertext_encryptionalgorithm identifier, as illustrated in FIG. 7B).

Step 7. Updating ciphertext table information table:

The application response means 22 requests the database control means 12to add a set of [setting target table name, setting target column name,encryption algorithm identifier selected in step 1, ciphertext tablename created] in the ciphertext table information table (see FIG. 7B).The database control means 12 adds the combination of [table name,column name, encryption algorithm identifier, ciphertext table name] inthe ciphertext table information table (see FIG. 7B).

Step 8. Replacing plaintext column data:

The application response means 22 requests the database control means 12to replace the corresponding plaintext column data under the databaseoperation target column (for example, the data under the column name“Work Location” in FIG. 7A) with the serial numbers associated in thecombination of [serial number, plaintext column data, ciphertext columndata] created in step 5 (see FIG. 7C). The database control means 12associates ID=1, 2, and so on with the encrypted data column dataencrypted in step 5, respectively, in the ciphertext table and storesthe associated information (see the storage formats in FIGS. 7D to 7F).

Step 9. Sending information representing completion of change:

The application response means 22 sends information representingcompletion of the change to the security setting means 26.

Other than cases in which plaintext column data already stored in thedatabase 11 is encrypted by an encryption algorithm corresponding to aconfidentiality level and is stored in the database 11, the procedure inFIG. 14 is also applicable to such cases in which plaintext column datais stored in the database 11 in response to a database operation commandinputted to the application response means 22 (for example, cases inwhich, while a confidentiality level has been set to newly-registeredcolumn data via the security setting means 26, an encryption algorithmor the like has not been selected yet).

<Confidentiality Setting 2>

The procedure illustrated in FIG. 14 is a processing procedure for setting a confidentiality level to plaintext column data stored in the database 11 when the database control means 12 has the configuration in FIG. 3 or FIG. 4. FIG. 28 is a flowchart illustrating a processing procedure for setting a confidentiality level to plaintext column data stored in the database 11 when the database control means 12 has the configuration in FIG. 26 or FIG. 27. In FIG. 28, steps 1 to 9 are the same as those in FIG. 14. In FIG. 28, if the encryption algorithm selected in step 1 corresponds to public key encryption such as HE1, the branching to step 10 is performed after step 3.

Step 10: If the encryption algorithm selected in step 1 corresponds to public key encryption such as HE1, the application response means 22 gets public key information via the key utilization means 23, sends the public key information and the corresponding encryption algorithm identifier to the database control means 12, and requests the database control means 12 to encrypt the plaintext column data.

Step 11: The database control means 12 gets the setting target plaintext column data from the database 11. If there is no corresponding column data, branching to step 16 is performed.

Step 12: The encryption calculation unit 126 in the database control means 12 encrypts the column data by using the encryption algorithm identifier and the public key information received from the application response means 22. The database control means 12 allocates serial numbers to the obtained ciphertext column data and creates a list including a set of [serial number, plaintext column data, ciphertext column data].

Step 13: The database control means 12 creates a ciphertext table (see FIGS. 7D to 7F) storing a list including a set of [serial number, ciphertext column data].

Step 14: The database control means 12 adds a set of [setting target table name, setting target column name, encryption algorithm identifier selected in step 1, ciphertext table name created in step 12] in the ciphertext table information table (see FIG. 7B).

Step 15: The database control means 12 replaces the corresponding plaintext column data under the operation target column with the serial numbers associated in the combination of [serial number, plaintext column data, ciphertext column data] created in step 12 and stores the obtained information in the database 11.

Step 16: The database control means 12 sends information representing completion of the encryption of the plaintext column data to the application response means 22. The application response means 22 sends the information representing completion of the change to the security setting means 26 (step 9).

<Change of a Confidentiality Level>

Next, processing for reflecting a column data confidentiality level in the security setting information storage unit 14, the security setting information temporary storage unit 25, and the database 11 will be described. The following description will be made assuming that a confidentiality level has already been set.

The application response means 22 refers to the security setting information storage unit 14, gets information about a column data confidentiality level that has already been set to a specified column, and compares the column data confidentiality level with a newly specified confidentiality level. If the confidentiality level is the same, the application response means 22 does not execute any processing. If the newly specified confidentiality level is lower than the column data confidentiality level already set in the security setting information storage unit 14, the application response means 22 changes the corresponding entry under “Confidentiality of Column Data” in the security setting information to the newly specified confidentiality level.

If the confidentiality level specified via the security setting means 26 is higher than the column data confidentiality level already set in the security setting information storage unit 14, step 4 and the subsequent steps in FIG. 15 are executed.

FIG. 15 illustrates a processing flow executed by the application response means 22 to reflect a setting target and setting content inputted via the security setting means 26. Processing for changing a set confidentiality level (to a higher level) (processing by the application response means 22) will be described with reference to FIG. 15.

Step 0:

The application response means 22 receives a setting target table name and column name and setting content (change of a confidentiality level) from the security setting means 26.

Step 1. Getting list of encryption algorithm identifiers already set:

The application response means 22 gets a list of encryption algorithm identifiers used for encryption of the column data specified by the inputted setting-target table name and column name from the security setting information storage unit 14 (see FIG. 6) in the database system 10. If the setting-target table name and column name are encrypted, the application response means 22 searches the decrypted table names or decrypted column names in the security setting information temporary storage unit 25 for the table name and column name matching the plaintext table name or the plaintext column name inputted via the security setting means 26, gets the corresponding ciphertext table name or ciphertext column name, and determines the setting target ciphertext table name and ciphertext column name in the security setting information storage unit 14 (see FIG. 6).

Step 2. Getting list of encryption algorithm identifiers corresponding to specified confidentiality level:

The application response means 22 refers to the cryptographic protocol information storage unit 13 (FIG. 5) in the database system 10 and gets a list of encryption algorithm identifiers corresponding to the newly-inputted confidentiality level.

Step 3. Comparing encryption algorithm identifiers:

The application response means 22 compares the list of encryption algorithm identifiers obtained in step 1 with the list of encryption algorithm identifiers corresponding to the new confidentiality level obtained in step 2.

Step 4. Creating new ciphertext table:

As a result of the comparison in step 3, if no common encryption algorithm identifier exists in the list of encryption algorithm identifiers obtained in step 1 and the list of encryption algorithm identifiers corresponding to the new confidentiality level obtained in step 2, the application response means 22 creates a new ciphertext table in accordance with the following procedure. If a common encryption algorithm identifier exists, since data encrypted by an encryption algorithm with the same confidentiality level already exists, the following confidentiality change processing is not executed (processing for re-encrypting data by an encryption algorithm corresponding to the new confidentiality information, creating a ciphertext table, and updating the ciphertext table information).

Step 5. Getting all the encrypted data from existing ciphertext table:

If a plurality of encryption algorithm identifiers are included in the list of encryption algorithm identifiers obtained in step 1, the application response means 22 selects one of the encryption algorithm identifiers (if only one encryption algorithm identifier is included, that encryption algorithm identifier is selected) and requests the database control means 12 to acquire the content of the ciphertext table corresponding to the selected encryption algorithm identifier from the database 11. The database control means 12 refers to the ciphertext table information table (see FIG. 7B), identifies a ciphertext table name corresponding to the selected encryption algorithm identifier, gets the content of the identified ciphertext table (the content is stored in a format in which an ID and a ciphertext are stored as a pair), and sends the content to the application response means 22.

Step 6. Decrypting ciphertext:

The application response means 22 sends the encryption algorithm identifier selected in step 5 and the obtained ciphertext to the key utilization means 23 and requests the key utilization means 23 to decrypt the encrypted data into plaintext.

Step 7. Creating ciphertext with encryption algorithm having new identifier:

If the list of encryption algorithm identifiers corresponding to the confidentiality level obtained in step 2 includes a plurality of encryption algorithm identifiers that are included only therein (that are not included in the list of encryption algorithm identifiers obtained in step 1), the application response means 22 selects one of the encryption algorithm identifiers (if only one encryption algorithm identifier is included, that encryption algorithm identifier is selected), sends the selected encryption algorithm identifier and the plaintext obtained in step 6 to the key utilization means 23, and requests the key utilization means 23 to encrypt the plaintext with the encryption algorithm having the new identifier. Next, a list including a set of

[serial number, plaintext, ciphertext]

is newly created.

Step 8. Creating ciphertext table:

The application response means 22 requests the database control means 12 to create a ciphertext table storing a list including a set of

[serial number, ciphertext]

to create a ciphertext table (see the storage format in FIGS. 7D to 7F).

Step 9. Updating ciphertext table information table:

To add a new table in the encryption table information table (see FIG. 7B), the application response means 22 requests the database control means 12 to add a set of

[target table name, target column name, new encryption algorithm identifier, ciphertext table name created in step 8].

Step 10. Deleting ciphertext table not satisfying specified confidentiality level:

Regarding the encryption algorithm identifiers included only in the list of step 1, the application response means 22 requests the database control means 12 to refer to the ciphertext table information table (see FIG. 7B), determine a corresponding ciphertext table name, and delete the corresponding ciphertext table and the corresponding part in the ciphertext table information table (a row (an entry) including the ciphertext table name as the deletion target) from the database 11. Through this operation, regarding the column data for which change of the confidentiality level is specified, the column data encrypted with an encryption algorithm having a lower confidentiality level than the newly specified confidentiality level is deleted from the database 11.

If the currently set confidentiality level is set to be lower via the security setting means 26, the same processing is executed. If data encrypted with an encryption algorithm corresponding to the same confidentiality level as the newly specified confidentiality level exists, the processing for executing re-encryption with an encryption algorithm corresponding to the newly specified confidentiality level and for creating a ciphertext table is not executed.

<Data Addition Processing>

Next, a processing procedure for adding new column data in the database will be described. FIG. 16 is a flowchart illustrating processing executed by the application response means 22 for adding data in a table already created in the database 11.

Step 0. Receiving data addition instruction:

The application response means 22 recognizes that a database operation command inputted from the database utilization application 21 is a data addition instruction, such as the following SQL INSERT statement

(INSERT INTO (column name 1, column name 2, . . . ) VALUES (value 1, value 2, . . . ).

Step 1. Determining whether or not metadata is encrypted:

The application response means 22 refers to the security setting information storage unit 14 in the database system 10 or the security setting information temporary storage unit 25 and determines whether the addition target table name and column name are encrypted in the database 11.

Step 2. Replacing plaintext metadata with ciphertext:

If the table name and column name specified by the database operation command corresponding to the data addition instruction are encrypted, the application response means 22 gets the ciphertext table name and plaintext column name corresponding to the plaintext table name and column name under the columns “Decrypted Table Name” and “Decrypted Column Name” in the security setting information temporary storage unit 25 and replaces the plaintext table name and plaintext column name included in the data addition instruction such as the above INSERT statement with the ciphertext table name and ciphertext column name obtained.

The application response means 22 refers to the security setting information storage unit 14 or the security setting information temporary storage unit 25 and gets a column data confidentiality level and an encryption algorithm identifier corresponding to the addition target column.

Step 3. Checking confidentiality already set:

If the confidentiality level of the column data corresponding to the table name and column name represents Null in the security setting information storage unit 14 or the security setting information temporary storage unit 25 (if a confidentiality level is not set), the application response means 22 executes step 8. If a column data confidentiality level is set, the application response means 22 executes step 4.

Step 4. Creating encrypted data based on confidentiality already set:

If a column data confidentiality level and an encryption algorithm identifier are set, regarding all the encryption algorithm identifiers set, the application response means 22 sends the plaintext data to be added and the encryption algorithm identifiers to the key utilization means 23, encrypts the plaintext data with the set encryption algorithm, and creates a list including a set of

[encryption algorithm identifier, encrypted data].

Step 5. Requesting addition of data including encryption algorithm identifier and encrypted data:

The application response means 22 sends the addition target table name and column name and [encryption algorithm identifier, encrypted data] obtained in step 4 to the database control means 12 to request addition of the data in the database 11.

Step 6. Adding encrypted data in ciphertext table:

The database control means 12 gets the maximum value of the serial numbers stored in the addition target column and sets a value obtained by adding 1 to the maximum value of the serial numbers as an addition ID start number IDx.

The database control means 12 refers to the ciphertext table information table (FIG. 7B) for all sets of [encryption algorithm identifier, encrypted data] obtained in step 4 and gets a ciphertext table name corresponding to an encryption algorithm identifier specified by the addition target table and column.

Next, the database control means 12 adds a set of [addition ID, encrypted data] in the ciphertext table obtained. Referring to FIGS. 7D to 7F and the like, the ciphertext table stores pair information about an ID and associated encrypted data. Thus, [addition ID, encrypted data] is added to the last row in the ciphertext table. If a plurality of data is added, the addition IDs are sequentially incremented from the start number IDx, such as IDx+1, IDx+2, and so on.

Step 7. Adding addition IDs in entries under column in target table:

In the corresponding entries under the column in the addition target table, the addition IDs obtained in step 6 are added as column data. For example, the addition IDs are added after the last row in the column in the table (after encryption) in FIG. 7C. If the number of data to be added is N, IDx, IDx+1, IDx+2, . . . , IDx+N−1 are added after the last row in the column in the table (after encryption) in FIG. 7C and the maximum ID value is updated to IDx+N−1.

Steps 4 to 7 correspond to data addition processing executed when a confidentiality level is set.

In step 3, if a confidentiality level is not set, the following processing is executed.

Step 8. Requesting addition of data in target table:

The application response means 22 sends an instruction for adding data, obtained after the addition target table name and column name are encrypted to ciphertext in step 2, to the database control means 12, so as to request the database control means 12 to add the data in the database 11.

Step 9. Adding data in target table:

The database control means 12 adds the data in the database 11 in accordance with the data addition instruction sent from the application response means 22.

A processing procedure for setting application or non-application of encryption and for setting a confidentiality level as security information settings and a processing procedure for adding column data as a database operation example according to the present exemplary embodiment have thus been described with reference to the respective flowcharts. Hereinafter, some of the representative processing in the system according to the present exemplary embodiment will be described (since the processing basically does not involve any decision or the like, no flowchart is used).

<Initial Operation after Application Response Means is Started>

An initial operation executed after the application response means 22 is started will be described with reference to FIG. 1. In the initial operation of the application response means, to improve the efficiency of the subsequent processing, processing for reading part of the information stored in the database system 10 out to the user system 20 side and processing for generating auxiliary information are executed.

The application response means 22 reads the contents in the security setting information storage unit 14 in the database system 10 via the database control means 12 and stores the read contents in the security setting information temporary storage unit 25.

If metadata (table and column names) in the database 11 is encrypted, the application response means 22 decrypts the encrypted metadata via the key utilization means 23 and stores the decrypted metadata in the corresponding columns under “Decrypted Table Name” and “Decrypted Column Name” in the security setting information temporary storage unit 25. In addition, the application response means 22 may read the contents in the cryptographic protocol information storage unit 13 in the database system 10 out to the user system 20 side and store the read contents in a storage unit during the initial operation of the application response means 22.

<Processing for Operating Metadata>

Operations for adding a new table and changing an existing table name and column name in the database 11 (operating metadata) will be described. When a new table is added in the database 11, as described above, security information is set via the security setting means 26.

Upon reception of a database operation command for adding a table from the database utilization application 21, the application response means 22 notifies the security setting means 26 of this command. The security setting means 26 displays the content of the table addition command on a screen and requests the database user to input security setting information about the table to be added (encryption or non-encryption of a table name and of a column name and a column data confidentiality level). The security setting means 26 sends the security setting information inputted by the database user to the application response means 22.

The application response means 22 encrypts the table name and the column name in accordance with the security setting information sent from the security setting means 26, sends the database operation command for adding a table to the database control means 12, and creates a table in the database 11.

The application response means 22 sends the security setting information to the database control means 12 and stores the security setting information in the security setting information storage unit 14. The application response means 22 stores the same security setting information as the security setting information stored in the security setting information storage unit 14 in the security setting information temporary storage unit 25. If the table name and the column name have been encrypted, the table name and the column name before encryption are stored in the respective columns under the columns “Decrypted Table Name” and “Decrypted Column Name”.

<Change of Table Name and Column Name>

Processing for changing setting contents of metadata such as a table name and a column name of a table stored in the database 11 (change of encryption to “Applied” and change of encryption to “NULL”) has already been described with reference to FIGS. 12 and 13. Hereinafter, processing for changing a table name and a column name will be described.

To change an existing table name and column name stored in the database 11, different processing needs to be executed depending on whether the table name and the column name have been encrypted.

Upon reception of a database operation command for changing a table name and a column name, the application response means 22 searches the security setting information temporary storage unit 25 and determines whether the settings of encryption of the change target table name and column name represent “Applied”.

If the settings of encryption represent “NULL”, the application response means 22 sends the database operation command as a normal database operation to the database control means 12 and causes the database control means 12 to execute a corresponding database operation. In addition, the table name and the column name stored in the security setting information storage unit 14 and the security setting information temporary storage unit 25 are also changed. If the settings of encryption represent “Applied”, the following processing is executed.

Step 1: The application response means 22 uses the key utilization means 23 to encrypt the specified change-target plaintext table name and column name and, regarding the changed table name and column name, creates a set of

[plaintext table name and column name, ciphertext table name and column name].

Step 2: The application response means 22 refers to the security setting information temporary storage unit 25, searches for the ciphertext table name and column name corresponding to the specified change-target plaintext table name and column name, and determines the ciphertext table name and column name registered in the database 11.

Step 3: The application response means 22 sends a database operation command to the database control means 12 to replace the ciphertext table name and column name identified in step 2 and currently registered in the database 11 with the changed ciphertext table name and column name created in step 1, so as to change the table name and the column name in the database 11.

Step 4: The application response means 22 replaces the ciphertext table name and column name stored in the security setting information storage unit 14 and the security setting information temporary storage unit 25 and identified in step 2 with the ciphertext table name and column name created in step 1. In addition, the application response means 22 replaces the corresponding plaintext table name and column name (decrypted table name and column name) stored in the security setting information temporary storage unit 25 with the specified changed plaintext table name and column name.

<Adding Data in Existing Table>

Addition of data under a column in an existing table already stored in the database 11 has already been described with reference to FIG. 16. Data to be added is encrypted, and a number (an addition ID) obtained by adding 1 to the current table row number (the maximum value of the serial numbers) is added as data in an entry under a specified column in a specified table. The ciphertext table information table (FIG. 7B) is referred to, and a set of the addition ID and ciphertext is added in a ciphertext table corresponding to the encryption algorithm corresponding to the data to be added (if a plurality of encryption algorithms exist, such data is added in a plurality of ciphertext tables corresponding to the plurality of encryption algorithms).

<Changing Data in Existing Table>

Processing executed by the application response means 22 and the database control means 12 when a database operation command inputted from the database utilization application 21 represents change of data will be described. For example, a SQL command for changing data is as follows:

UPDATE table name SET <column>=<value>

Step 1: The application response means 22 refers to the security settinginformation storage unit 14 (or the security setting informationtemporary storage unit 25) and determines whether the table name andcolumn name corresponding to a supplementary change target areencrypted.

Step 2: If the table name and column name corresponding to thesupplementary change target are encrypted, the application responsemeans 22 refers to the security setting information temporary storageunit 25, gets the ciphertext table name and column name on the database11, and replaces the (plaintext) table name and column namecorresponding to the database operation command inputted to theapplication response means 22 with the obtained ciphertext table nameand column name.

Step 3: The application response means 22 refers to the security settinginformation storage unit 14 (or the security setting informationtemporary storage unit 25) and determines whether a confidentialitylevel is set to the change target column data.

Step 4: If the column data confidentiality level corresponding to thetable name and the column name in the security setting informationstorage unit 14 (or the security setting information temporary storageunit 25) is Null (a confidentiality level is not set), the applicationresponse means 22 sends a database operation command that has onlyreplaced the above table name and column name to the database controlmeans 12 and causes the database control means 12 to execute the change.

If a column data confidentiality level corresponding to the table nameand the column name in the security setting information storage unit 14(or the security setting information temporary storage unit 25) is set,the following processing is executed.

Step 5: The application response means 22 refers to the security settinginformation storage unit 14 (or the security setting informationtemporary storage unit 25) and gets all the encryption algorithmidentifiers of the target column.

Step 6: The application response means 22 encrypts the change targetplaintext data with all the encryption algorithms corresponding to theobtained identifiers.

Step 7: The application response means 22 sends information about thechange target table name and column name, specification of the changetarget rows, and all the created sets of

[encryption algorithm identifier, ciphertext]

to the database control means 12.

Step 8: The database control means 12 refers to the change target tableand column and gets the serial numbers stored in the change target rows.

Step 9: The database control means 12 refers to the ciphertext tableinformation, identifies a ciphertext table per encryption algorithm, andrewrites the encrypted data in the rows corresponding to the serialnumbers obtained in step 4 with the encrypted data received in step 7.

<Deleting Data from Existing Table>

Processing executed by the application response means 22 and the database control means 12 when a database operation command inputted from the database utilization application 21 represents deletion of data will be described.

Step 1: The application response means 22 refers to the security setting information storage unit 14 (or the security setting information temporary storage unit 25) and determines whether the table name of the operation target is encrypted.

Step 2: If the operation target table name is not encrypted, the application response means 22 sends the database operation command as a normal operation command to the database control means 12.

Step 3: If the operation target table name is encrypted, the application response means 22 refers to the security setting information temporary storage unit 25, gets a corresponding ciphertext table name on the database 11, replaces the operation target table name with the obtained ciphertext table name, and sends the obtained ciphertext table name to the database control means 12.

Step 4: The database control means 12 deletes the data in accordance with the database operation command from the application response means 22. In this step, whether a column in which data is encrypted exists in the deletion target table is determined. If such a column exists, the data in the corresponding ciphertext table is also deleted.

<Searching for and Computing Data in Existing Table>

Next, processing executed when a database operation command representssearching for and calculating data in an existing table will bedescribed.

Step 1: The application response means 22 refers to the security settinginformation storage unit 14 (or the security setting informationtemporary storage unit 25) and determines whether the table name and thecolumn name of the operation target are encrypted.

Step 2: If the operation target table name and column name are encrypted, the application response means 22 refers to the security setting information temporary storage unit 25, gets the corresponding ciphertext table name and column name on the database 11, and replaces the plaintext table name and column name in the database operation command inputted from the database utilization application 21 with the obtained ciphertext table name and column name.

Step 3: The application response means 22 refers to the security settinginformation storage unit 14 or the security setting informationtemporary storage unit 25 and determines whether a column dataconfidentiality level is set to the operation target column data.

If a confidentiality level is not set to the operation target column (ifcolumn data is not encrypted), the following steps 4 to 6 are executed.

Step 4: The application response means 22 sends the database operationcommand (search and computation) that has replaced the table name andcolumn name to the database control means 12.

Step 5: The database control means 12 executes the database operation(search and computation) received from the application response means 22and sends an execution result to the application response means 22.

Step 6: If the table name and column name included in the database operation command (search and computation) have been replaced with ciphertext, the database control means 12 replaces the table name and column name included in the execution result of the database operation back with the corresponding plaintext table name and column name and sends the obtained data to the application response means 22.

Next, processing for searching for and calculating data in an existingtable executed when a column data confidentiality level is set to theoperation target column will be described.

Step 7: The application response means 22 refers to the security settinginformation storage unit 14 and gets an encryption algorithm identifierused for encryption of the operation target column.

Step 8: The application response means 22 refers to the cryptographicprotocol information storage unit 13 and gets a cryptographic protocolidentifier (see FIG. 5) corresponding to a triplet [processing content,confidentiality set in operation target column, encryption algorithmidentifier used for encryption of operation target column].

Step 9: [cryptographic protocol identifier, operation target column,processing content] is inputted to the cryptographic protocol processingexecution unit 222 in the application response means 22.

Step 10: Based on the inputted cryptographic protocol identifier, thecryptographic protocol processing execution unit 222 in the applicationresponse means 22 communicates with the database control means 12,executes the database operation, and obtains an execution result. Thespecific content of the cryptographic protocol processing differsdepending on the cryptographic protocol.

Step 11: If the table name and the column name included in the database operation command have been replaced, the database control means 12 replaces the ciphertext table name and column name included in the obtained execution result back with the plaintext table name and column name and sends the execution result to the application.
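The deletion procedure and the search procedure above share their first steps (rewriting plaintext table and column names to the ciphertext names held in the security setting information) and differ in what the database control means 12 must then do with the ciphertext tables. The following Python is an added illustration of both, not code from the patent: an in-memory stand-in for the database 11, a regex-based rewrite of double-quoted identifiers in a command, the reverse mapping of result column names (steps 6 and 11), and a delete that cascades into the ciphertext table by serial number (delete step 4). The stored names `T_8f2a` and `C_c41d`, the placeholder ciphertext strings `ct-1`..`ct-3`, and the sample rows are all constructed for this example.

```python
import re

# Constructed stand-in for the security setting information (units 14/25):
# plaintext name -> name stored on the database. Names not listed are not
# encrypted and pass through unchanged. The stored names are arbitrary labels.
TABLE_NAMES = {"Employee Table": "T_8f2a"}
COLUMN_NAMES = {"Work Location": "C_c41d"}

# Ciphertext table information table, same shape as FIG. 21C (constructed).
CIPHERTEXT_TABLE_INFO = [
    ("Employee Table", "Work Location", "AES", "Encrypted Text_AES_1"),
]

# Toy database 11. The encrypted column of the main table holds serial
# numbers; the ciphertext table maps serial number -> ciphertext. The
# ciphertext values are placeholder strings, not real AES output.
DATABASE = {
    "T_8f2a": [
        {"Employee Number": 1001, "C_c41d": 1},
        {"Employee Number": 1002, "C_c41d": 2},
        {"Employee Number": 1003, "C_c41d": 3},
    ],
    "Encrypted Text_AES_1": {1: "ct-1", 2: "ct-2", 3: "ct-3"},
}

QUOTED_IDENT = re.compile(r'"([^"]+)"')


def to_ciphertext_names(command):
    """Steps 1-3 of the search/delete procedures: rewrite double-quoted
    table and column names in a command to their ciphertext names."""
    mapping = {**TABLE_NAMES, **COLUMN_NAMES}
    return QUOTED_IDENT.sub(
        lambda m: '"%s"' % mapping.get(m.group(1), m.group(1)), command)


def to_plaintext_names(result_row):
    """Search step 6 / step 11: map ciphertext column names in a result
    row back to plaintext names before returning it to the application."""
    reverse = {v: k for k, v in COLUMN_NAMES.items()}
    return {reverse.get(k, k): v for k, v in result_row.items()}


def delete_rows(table, predicate):
    """Delete step 4: remove matching rows from the main table and, for each
    encrypted column, the ciphertext rows carrying the same serial numbers,
    so no orphaned ciphertext is left behind. Returns the number deleted."""
    stored_name = TABLE_NAMES.get(table, table)
    rows = DATABASE[stored_name]
    doomed = [r for r in rows if predicate(r)]
    for plain_table, plain_column, _alg, ct_name in CIPHERTEXT_TABLE_INFO:
        if plain_table != table:
            continue
        stored_column = COLUMN_NAMES.get(plain_column, plain_column)
        for r in doomed:
            DATABASE[ct_name].pop(r[stored_column], None)
    DATABASE[stored_name] = [r for r in rows if r not in doomed]
    return len(doomed)


def demo():
    rewritten = to_ciphertext_names(
        'SELECT "Work Location" FROM "Employee Table" WHERE "Employee Number" = 1002')
    deleted = delete_rows("Employee Table", lambda r: r["Employee Number"] == 1002)
    remaining = sorted(DATABASE["Encrypted Text_AES_1"])
    return rewritten, deleted, remaining


if __name__ == "__main__":
    print(demo())
```

The regex only handles double-quoted identifiers; a real application response means would use a proper SQL parser so that string literals that happen to contain a table name are not rewritten. The main-table delete and the ciphertext-table delete should also run in one transaction, since a crash between them leaves ciphertext rows whose serial numbers no longer appear anywhere.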

<Operation Example of Processing for Setting Confidentiality to Data>

Next, processing for setting the column “Work Location” in the table “Employee Table” to a confidentiality level “Middle” according to the present exemplary embodiment will be described.

Step 1. Selecting encryption algorithm:

The application response means 22 selects an encryption algorithm corresponding to a confidentiality level specified by the user via the security setting means 26. Referring to FIG. 17, the application response means 22 refers to the cryptographic protocol information storage unit 13 and gets a list of encryption algorithm identifiers corresponding to the confidentiality level “Middle” (“SE1”, “AES”, “HE1”). The application response means 22 selects one identifier from this list. In this case, the application response means 22 puts weight on efficiency in creation of ciphertext and selects “AES”.

Step 2. Changing security setting information storage unit:

Referring to FIG. 18, the security setting information operation unit124 in the database system 10 refers to the row storing informationcorresponding to the table name “Employee Table” and the column name“Work Location” in the security setting information storage unit 14 andchanges the corresponding entry under “Encryption of Column Data” from“NULL” to “Applied”, the corresponding entry under “Confidentiality ofColumn Data” from “NULL” to “Middle”, and the corresponding entry under“Column Data Encryption Algorithm Identifier” from “NULL” to “AES”.

Step 3. Changing security setting information temporary storage unit 25:

The security setting information operation unit 225 in the applicationresponse means 22 refers to the row storing information corresponding tothe table name “Employee Table” and the column name “Work Location” inthe security setting information temporary storage unit 25 and makes thesame changes as those made to the security setting information storageunit 14. Namely, as illustrated in FIG. 19, the security settinginformation operation unit 225 refers to the row storing informationcorresponding to the table name “Employee Table” and the column name“Work Location” and changes the corresponding entry under “Encryption ofColumn Data” from “NULL” to “Applied”, the corresponding entry under“Confidentiality of Column Data” from “NULL” to “Middle”, and thecorresponding entry under “Column Data Encryption Algorithm Identifier”from “NULL” to “AES”.

Step 4. Getting target column data:

FIG. 20A illustrates the table “Employee Table”. The database control means 12 gets a list of data under the column “Work Location” from the table “Employee Table” and sends the data to the application response means 22. In this step, a main key (primary key) column that uniquely identifies each row in the table “Employee Table” is also obtained. In this case, the column “Employee Number” is used as the main key.

Step 5. Encrypting obtained column data:

The application response means 22 causes the key utilization means 23 to encrypt the data under the column “Work Location”, associates each ciphertext with its original plaintext and employee number, and creates a list including serial numbers 1, 2, 3, and so on as illustrated in FIG. 20B. This list is stored in a storage unit in the application response means 22.

Step 6. Creating ciphertext table:

From the list (FIG. 21A) created in step 5, the application response means 22 sends a list of pairs, each pairing a serial number (1, 2, and so on) with a ciphertext (ciphertext “0x3d8 . . . ” of plaintext “Headquarters”, ciphertext “0x962 . . . ” of plaintext “Tamagawa”), to the database control means 12, which creates and stores a ciphertext table. Referring to FIG. 21B, the ciphertext table name is set to “Encrypted Text_AES_1”. The ciphertext table consists of these serial number and ciphertext pairs.

Step 7. Updating ciphertext table information table:

Referring to FIG. 21C, the table name “Employee Table”, the column name“Work Location”, the encryption algorithm “AES”, and the ciphertexttable name “Encrypted Text_AES_1” are stored in the ciphertext tableinformation table.

Step 8. Replacing plaintext column data:

The list (FIG. 22A) of sets of employee numbers and serial numberscreated in step 5 is sent to the database control means 12 and, asillustrated in FIG. 22B, the values under the column “Work Location” inthe table “Employee Table” are replaced with the respective serialnumbers (1, 2, and so on). When replacement with the serial numbers iscompleted, the list (FIG. 22A) created in step 5 is deleted. Theciphertext table and the ciphertext table information table in FIGS. 22Cand 22D are the same as the ciphertext table and the ciphertext tableinformation table in FIGS. 21B and 21C.

<Average Value Computation>

Next, a computation example for computing an average value of encrypted data stored in the database 11 will be described. FIG. 23 illustrates the security setting information temporary storage unit 25 referred to in this example. Processing for computing an average value of the encrypted data under the column “Overtime Hours” in the table “Working Hours Management Table” stored in the database 11 will be described.

In the table “Working Hours Management Table”, the column data under the column “Working Hours” and the column data under the column “Overtime Hours” are set to confidentiality “Middle”. The column “Overtime Hours” has two entries in the security setting information: in the first entry (as for the column “Working Hours”) the column data is encrypted by the encryption algorithm having the identifier “AES”, and in the second entry the column data is encrypted by the encryption algorithm having the identifier “HE1”. Except for the information under “Decrypted Table Name” and “Decrypted Column Name”, the security setting information storage unit 14 on the database system 10 stores the same information as the security setting information temporary storage unit 25 in FIG. 23.

FIG. 24A illustrates the content of the main body in the table name“Working Hours Management Table”. The serial numbers (IDs) 1, 2, 3, andso on under “Working Hours” and “Overtime Hours” are the serial numbers(IDs) 1, 2, 3, and so on associated with the respective ciphertext inthe respective ciphertext tables. FIG. 24C illustrates the ciphertexttable “Encrypted Text_AES_1” storing the encrypted data under “WorkingHours” and FIGS. 24D and 24E illustrate the ciphertext tables “EncryptedText_AES_2” and “Encrypted Text_HE1_1” storing the encrypted data under“Overtime Hours”. FIG. 24B illustrates the ciphertext table informationtable defining a correspondence relationship among these tables.

FIG. 25 illustrates the cryptographic protocol information storage unit13. An encryption algorithm identifier OPE1 represents an orderpreserving symmetric encryption algorithm (common key method). “HE1”represents a homomorphic encryption and “SE1” represents a searchableencryption.

If a database operation command inputted from the database utilization application 21 represents an average value computation operation (for example, a SQL statement: SELECT AVG (column name) FROM table name), the application response means 22 first determines whether the metadata (table and column names) is encrypted. The application response means 22 refers to the security setting information temporary storage unit 25 in FIG. 23 and gets the information corresponding to the column “Overtime Hours” in the table “Working Hours Management Table”. The application response means 22 refers to the corresponding entries under “Encryption of Table Name” and “Encryption of Column Name” and determines that “NULL” is set in both entries. In this case, the application response means 22 does not replace the metadata.

Next, the application response means 22 refers to the entries under “Confidentiality of Column Data” corresponding to the column “Overtime Hours” in the table “Working Hours Management Table” in the security setting information temporary storage unit 25 in FIG. 23 and determines that the column data confidentiality levels are set to “Middle”. Thus, processing involving cryptographic protocol processing is executed.

The application response means 22 refers to the corresponding entries under “Column Data Encryption Algorithm Identifier” for the table “Working Hours Management Table” in the security setting information temporary storage unit 25 in FIG. 23 and gets the encryption algorithm identifiers “AES” and “HE1” used for encryption.

The application response means 22 refers to the cryptographic protocol information storage unit 13 (see FIG. 25) and searches for a cryptographic protocol identifier corresponding to the confidentiality level “Middle” and the processing content “Average” for each of the encryption algorithms “AES” and “HE1”.

As a result of the search, the application response means 22 gets acryptographic protocol identifier “HE1_AVG_M”, as to the encryptionalgorithm “HE1”.

The following information is inputted to the cryptographic protocolprocessing execution unit 222 in the application response means 22:

cryptographic protocol identifier: “HE1_AVG_M”,

table name: “Working Hours Management Table”,

column name: “Overtime Hours”,

encryption algorithm: “HE1”, and

processing content: “Average”.

Based on the inputted cryptographic protocol identifier, the cryptographic protocol processing execution unit 222 communicates with the cryptographic protocol processing execution unit 122 in the database control means 12 and executes cryptographic protocol processing. The specific operations vary depending on the cryptographic protocol and its implementation; an operation example is described below, although the present invention is not limited thereto. The execution result obtained by the cryptographic protocol processing execution unit 222 is sent to the database utilization application 21.

The cryptographic protocol processing execution unit 222 in the usersystem 20 sends four items of information, namely, the operation targettable name “Working Hours Management Table”, the column name “OvertimeHours”, the encryption algorithm identifier “HE1”, and the cryptographicprotocol identifier “HE1_AVG_M”, to the cryptographic protocolprocessing execution unit 122 in the database control means 12.

The cryptographic protocol processing execution unit 122 operates asfollows in accordance with a processing procedure specified by thereceived cryptographic protocol identifier “HE1_AVG_M”.

The cryptographic protocol processing execution unit 122 refers to thecolumn “Overtime Hours” in the table “Working Hours Management Table” inthe ciphertext table information table (FIG. 24B) and gets the tablename “Encrypted Text_HE1_1” in which data encrypted by the encryptionalgorithm “HE1” is stored.

Next, the cryptographic protocol processing execution unit 122 gets allthe encrypted data and the number of data items stored under the column“Encrypted Text” in “Encrypted Text_HE1_1”.

The cryptographic protocol processing execution unit 122 combines the obtained ciphertexts, without decrypting them, into a single ciphertext representing the sum of the plaintexts. In an additively homomorphic encryption such as the Paillier cryptosystem, given ciphertext E(m1) of plaintext m1 and ciphertext E(m2) of plaintext m2, the ciphertext E(m1+m2) of m1+m2 can be derived from E(m1) and E(m2) without the secret key. Writing the ciphertext-side operation abstractly as addition, E(m1)+E(m2)=E(m1+m2); in the Paillier cryptosystem that operation is concretely multiplication of the ciphertexts modulo n², where n is the Paillier public modulus, i.e. E(m1)·E(m2) mod n² = E(m1+m2), and the plaintext sum is taken modulo n. Thus the ciphertext E(Σmi) of the sum can be computed by combining all E(mi) in this way, provided Σmi does not exceed the plaintext modulus.

The cryptographic protocol processing execution unit 122 in the database control means 12 sends the obtained sum of ciphertext and the number of data items (the latter in plaintext) to the cryptographic protocol processing execution unit 222 (see FIG. 8) in the user system 20 via the processing and communication control unit 125 (see FIG. 3). The RSA encryption and ElGamal encryption mentioned above are multiplicatively homomorphic, not additively homomorphic, so the encryption algorithm must be matched to the computation operation (processing content identifier) it is expected to support. For example, in the cryptographic protocol information storage unit 13 in FIG. 25, the homomorphic encryption algorithm HE1 (in this case, the Paillier cryptosystem or the like) is set for the processing content identifier “Average”.

The cryptographic protocol processing execution unit 222 in the usersystem 20 sends the sum of ciphertext received from the database controlmeans 12 and the encryption algorithm identifier “HE1” to the keyutilization means 23, decrypts the sum of ciphertext, and gets the sumof plaintext. Next, the cryptographic protocol processing execution unit222 calculates an average value (plaintext) by dividing the sum(plaintext) by the number of data (plaintext). The cryptographicprotocol processing execution unit 222 sends the computed average valueto the database utilization application 21 that has issued the databaseoperation command (average value).

Other than the above case of computing an average value, if a part of a complex arithmetic computation, such as addition or multiplication, can be executed on ciphertext as is by using an additively homomorphic or a multiplicatively homomorphic encryption algorithm, the cryptographic protocol processing execution unit 122 in the database control means 12 sends the result (ciphertext) of that computation on ciphertext to the cryptographic protocol processing execution unit 222 in the application response means 22. The application response means 22 then uses the key utilization means 23 to decrypt the processing result into plaintext, executes the remaining part of the complex arithmetic computation in plaintext, and sends the computation result to the database utilization application 21. With this configuration, the processing efficiency can be improved.

In addition, if the computation corresponding to a database operation command involves a computation other than addition or multiplication (for example, a computation mixing addition, subtraction, multiplication, division, etc., a magnitude comparison, a logical operation, and so forth) and the database control means 12 cannot execute it on ciphertext as is, the computation target data in the database 11 is sent to the application response means 22 as is in ciphertext. The application response means 22 uses the key utilization means 23 to decrypt the encrypted data, executes the computation on the plaintext data, and sends the computation result to the database utilization application 21. With this configuration, arbitrary computations can be executed.
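The following Python, added here as an illustration and not code from the patent, carries the confidentiality-setting procedure (steps 4 to 8 above, with “HE1” chosen instead of “AES” so that the column stays computable), the “HE1_AVG_M” average protocol, and the fallback path of the preceding paragraph through one worked example on the “Working Hours Management Table”. A toy Paillier implementation stands in for “HE1”: the ciphertext-side operation is multiplication modulo n², which decrypts to the sum of the plaintexts, and the client finishes the average by dividing the decrypted sum by the count in plaintext. For a “Max” request, which no protocol in the (constructed) protocol table can run on ciphertext, the server returns the ciphertexts as-is and the client decrypts and compares. The class names mirror the page's terms; the fixed Mersenne primes, the protocol identifier `SEND_CIPHERTEXT`, the sample rows and the protocol table are assumptions made for this example.

```python
import math
import secrets


class PaillierKey:
    """Toy Paillier key (additively homomorphic) standing in for "HE1". The fixed
    61- and 31-bit Mersenne primes give no security; never use them for real data."""

    def __init__(self, p=2**61 - 1, q=2**31 - 1):
        self.n, self.n2 = p * q, (p * q) ** 2
        self.lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
        self.mu = pow(self.lam, -1, self.n)   # g = n + 1, so L(g^lam) = lam

    def encrypt(self, m):
        assert 0 <= m < self.n, "plaintext must fit the modulus n"
        r = secrets.randbelow(self.n - 1) + 1
        while math.gcd(r, self.n) != 1:
            r = secrets.randbelow(self.n - 1) + 1
        return (1 + m * self.n) * pow(r, self.n, self.n2) % self.n2

    def decrypt(self, c):
        u = pow(c, self.lam, self.n2)
        return ((u - 1) // self.n) * self.mu % self.n


class DatabaseControlMeans:
    """Database control means 12: holds the tables, the ciphertext tables and
    the ciphertext table information table, but never the key."""

    def __init__(self, n):
        self.n2 = n * n                   # public modulus only
        self.tables = {}                  # table name -> list of row dicts
        self.ciphertext_tables = {}       # ciphertext table name -> {serial: ct}
        self.ciphertext_table_info = {}   # (table, column, alg) -> ct table name

    def apply_column_encryption(self, table, column, alg, name, key_column, pairs):
        """Steps 6-8: store (serial, ciphertext) rows, register the ciphertext
        table, and overwrite the plaintext column with the serial numbers."""
        self.ciphertext_tables[name] = {}
        self.ciphertext_table_info[(table, column, alg)] = name
        for serial, (key, ct) in enumerate(pairs, 1):
            self.ciphertext_tables[name][serial] = ct
            row = next(r for r in self.tables[table] if r[key_column] == key)
            row[column] = serial

    def execute_protocol(self, protocol_id, table, column, alg):
        name = self.ciphertext_table_info[(table, column, alg)]
        cts = list(self.ciphertext_tables[name].values())
        if protocol_id == "HE1_AVG_M":
            # Sum on ciphertext: Paillier ciphertexts are multiplied mod n^2
            # and the product decrypts to the sum of the plaintexts.
            total = 1
            for c in cts:
                total = total * c % self.n2
            return total, len(cts)            # the count is sent in plaintext
        if protocol_id == "SEND_CIPHERTEXT":   # hypothetical fallback identifier
            return cts
        raise ValueError("unknown protocol " + protocol_id)


# Cryptographic protocol information (unit 13), constructed for this example.
PROTOCOL_INFO = {("Average", "Middle", "HE1"): "HE1_AVG_M"}


class ApplicationResponseMeans:
    """Application response means 22 on the user system; holds the key."""

    def __init__(self, key, server):
        self.key, self.server = key, server
        self.settings = {}   # (table, column) -> (confidentiality, alg)

    def set_confidentiality(self, table, column, key_column, ct_name):
        """Steps 1-5: pick HE1 for "Middle", fetch column and main key, encrypt."""
        self.settings[(table, column)] = ("Middle", "HE1")
        pairs = [(r[key_column], self.key.encrypt(r[column]))
                 for r in self.server.tables[table]]
        self.server.apply_column_encryption(table, column, "HE1", ct_name, key_column, pairs)

    def compute(self, processing, table, column):
        conf, alg = self.settings[(table, column)]
        pid = PROTOCOL_INFO.get((processing, conf, alg))
        if pid == "HE1_AVG_M":
            total_ct, count = self.server.execute_protocol(pid, table, column, alg)
            return self.key.decrypt(total_ct) / count   # division done in plaintext
        # Not computable on ciphertext (magnitude comparison): fetch as-is, decrypt.
        cts = self.server.execute_protocol("SEND_CIPHERTEXT", table, column, alg)
        return {"Max": max}[processing](self.key.decrypt(c) for c in cts)


def demo():
    key = PaillierKey()
    server = DatabaseControlMeans(key.n)
    client = ApplicationResponseMeans(key, server)
    table, column = "Working Hours Management Table", "Overtime Hours"
    server.tables[table] = [{"Employee Number": 1001, column: 10}, {"Employee Number": 1002, column: 25},
                            {"Employee Number": 1003, column: 5}, {"Employee Number": 1004, column: 20}]
    client.set_confidentiality(table, column, "Employee Number", "Encrypted Text_HE1_1")
    serials = [r[column] for r in server.tables[table]]   # plaintext replaced by serials
    return serials, client.compute("Average", table, column), client.compute("Max", table, column)


if __name__ == "__main__":
    print(demo())   # ([1, 2, 3, 4], 15.0, 25)
```

Two points a practitioner should take from the run: the server learns the row count and the ciphertext-table layout but never a plaintext value, and the sum is only correct while it stays below the Paillier modulus n, so a real deployment sizes the key against the largest sum the column can reach.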

In the above exemplary embodiments, SQL commands are used as examples ofthe database operation commands. However, of course, the databaseoperation commands are not limited to the SQL commands.

At least part of the above exemplary embodiments may be summarized asthe following Supplementary Notes, though not limited thereto.

(Supplementary Note 1)

A database apparatus, comprising:

control means for executing data access control on a database;

the control means receiving a database operation command from a userapparatus,

the control means comprising, regarding data and/or metadata to behandled associated with the database operation command,

means for executing database operation or computation on encrypted dataand/or encrypted metadata as is in ciphertext; and

means for executing database operation or computation on plaintext dataand/or plaintext metadata,

the control means sending a processing result to the user apparatus.

(Supplementary Note 2)

The database apparatus according to Supplementary Note 1,

wherein when the control means receives the database operation command from the user apparatus, when such a condition is met that operation target data encrypted and stored in the database is encrypted by an encryption algorithm allowing operation or computation on encrypted data to be executed as is in ciphertext and that operation or computation of the database operation command is operation or computation that can be executed on ciphertext, the control means performs operation or computation on the operation target data in ciphertext, outputs a processing result in ciphertext, and sends the processing result to the user apparatus.

(Supplementary Note 3)

The database apparatus according to Supplementary Note 1 or 2, whereinthe control means sends a computation result of partial computation of acomputation of the database operation command to the user apparatus inciphertext,

wherein if the user apparatus finds that further partial computation needs to be executed in plaintext, the user apparatus executes the partial computation on data obtained by decrypting the encrypted data into plaintext,

wherein if the computation of the database operation command stillincludes partial computation in ciphertext and if the partialcomputation is allowed to be executed on ciphertext as is in ciphertext,the user apparatus sends ciphertext obtained by encrypting the result ofthe partial computation in plaintext to the control means, and

wherein by using the encrypted data sent from the user apparatus, thecontrol means executes the remaining partial computation of thecomputation of the database operation command in ciphertext and sendsthe computation result of the partial computation to the user apparatusin ciphertext.

(Supplementary Note 4)

The database apparatus according to any one of Supplementary Note 1 to3, comprising:

a first storage unit storing information about encryption andnon-encryption of the metadata including table and column names storedin the database, information on whether or not data stored in thedatabase is encrypted, confidentiality information representing extentof data security, and encryption algorithm identification informationcorresponding to the confidentiality information, and

a second storage unit at least storing cryptographic protocolidentification information associating processing content in thedatabase operation command, confidentiality information, and encryptionalgorithm with each other.

(Supplementary Note 5)

The database apparatus according to Supplementary Note 4,

wherein the database serves as at least one of the first and secondstorage units and stores the information stored in the first and/orsecond storage unit as a table in the database.

(Supplementary Note 6)

The database apparatus according to Supplementary Note 4 or 5, whereinthe control means comprises a cryptographic protocol processingexecution unit that executes processing corresponding to the databaseoperation command on data encrypted by an encryption algorithmcorresponding to the confidentiality information in ciphertext, based oncryptographic protocol identification information stored in the secondstorage unit.

(Supplementary Note 7)

The database apparatus according to any one of Supplementary Note 1 to6, wherein regarding the computation operation corresponding to thedatabase operation command, if the computation operation corresponds tohomomorphic computation and the encryption algorithm corresponds tohomomorphic encryption, the control means executes the computationoperation on data in ciphertext in the database and sends thecomputation result in ciphertext to the user apparatus.

(Supplementary Note 8)

The database apparatus according to any one of Supplementary Note 1 to6, wherein regarding the computation of the database operation command,if the operation target data stored in the database in ciphertext isencrypted by an encryption algorithm not allowing the computation to beexecuted on encrypted data, the control means sends the operation targetencrypted data to the user apparatus, and

wherein the user apparatus decrypts the encrypted data into plaintextand executes the computation.

(Supplementary Note 9)

The database apparatus according to any one of Supplementary Note 1 to8, wherein if column data in a table in the database is encrypted, theuser apparatus encrypts the column data with an encryption algorithmcorresponding to confidentiality information set to the column data andsends the encrypted data to the control means,

wherein the control means creates a ciphertext table including a set ofa serial number and ciphertext of the column data, and

wherein to manage the ciphertext table, the database apparatus comprisesa ciphertext table information table including a set of a table name, acolumn name, an encryption algorithm, and a ciphertext table name.

(Supplementary Note 10)

The database apparatus according to any one of Supplementary Note 1 to9, wherein the control means comprises an encryption calculation unitencrypting metadata and/or data by using a public key sent from the userapparatus.

(Supplementary Note 11)

The database apparatus according to Supplementary Note 10, wherein ifcolumn data in a table in the database is encrypted, the databaseapparatus reads the column data from the database, gets public keyinformation from the user apparatus, and uses the encryption calculationunit to encrypt the column data,

wherein the database apparatus creates a ciphertext table including aset of a serial number and ciphertext of the column data, and

wherein to manage the ciphertext table, the database apparatus comprisesa ciphertext table information table including a set of a table name, acolumn name, an encryption algorithm, and a ciphertext table name.

(Supplementary Note 12)

The database apparatus according to Supplementary Note 9 or 11, whereinwhen the control means receives a database operation command to addcolumn data from the user apparatus, the control means adds a pair of anupdated serial number and ciphertext in the ciphertext table in thedatabase.

(Supplementary Note 13)

The database apparatus according to Supplementary Note 1, wherein whenreceiving an instruction to change confidentiality information aboutdata stored in the database, the control means sends encrypted datastored in the database to the user apparatus,

wherein the user apparatus decrypts the encrypted data into plaintextand encrypts the plaintext again with an encryption algorithmcorresponding to the changed confidentiality information, and

wherein the control means receives the re-encrypted data from the userapparatus and stores the re-encrypted data in the database.

(Supplementary Note 14)

A database control method, comprising:

receiving a database operation command from a user apparatus when dataaccess control is executed on a database,

executing at least one of:

database operation or computation on encrypted data and/or encryptedmetadata as is in ciphertext, and database operation or computation onplaintext data and/or plaintext metadata, regarding data and/or metadatato be handled associated with the database operation command, and

sending a processing result to the user apparatus.

(Supplementary Note 15)

The database control method according to Supplementary Note 14,comprising

upon reception of a database operation command from the user apparatus,

if such a condition is met that operation target data encrypted andstored in the database is encrypted by an encryption algorithm allowingoperation or computation on encrypted data to be executed as is inciphertext and that operation or computation of the database operationcommand is operation or computation that can be executed on ciphertext,

performing operation or computation on the operation target data inciphertext and

sending a processing result in ciphertext to the user apparatus.

(Supplementary Note 16)

The database control method according to Supplementary Note 14 or 15,comprising

storing and managing, in a first storage unit,

information on whether or not the metadata including table and columnnames stored in the database is encrypted,

information on whether or not data stored in the database is encrypted,

confidentiality information representing extent of data security, and

encryption algorithm identification information corresponding to theconfidentiality information; and

storing and managing in a second storage unit, at least

cryptographic protocol identification information associating processingcontent in the database operation command, confidentiality informationand encryption algorithm with each other.

(Supplementary Note 17)

The database control method according to Supplementary Note 16,comprising

executing processing corresponding to the database operation command ondata encrypted by an encryption algorithm corresponding to theconfidentiality information in ciphertext, based on cryptographicprotocol identification information stored in the second storage unit.

(Supplementary Note 18)

The database control method according to one of Supplementary Note 14 to17, comprising

regarding the computation operation corresponding to the databaseoperation command, if the computation operation corresponds tohomomorphic computation and the encryption algorithm corresponds tohomomorphic encryption,

executing the computation operation on data in ciphertext in thedatabase and

sending the computation result in ciphertext to the user apparatus.

(Supplementary Note 19)

The database control method according to one of Supplementary Note 14 to17, comprising

regarding the computation of the database operation command, if the operation target data stored in the database in ciphertext is encrypted by an encryption algorithm not allowing the computation to be executed on encrypted data, sending the encrypted data in the database to the user apparatus, and

the user apparatus decrypting the encrypted data into plaintext andexecuting the computation on the plaintext.

(Supplementary Note 20)

The database control method according to one of Supplementary Note 14 to19, comprising

when column data in a table in the database is encrypted, the userapparatus encrypting the column data with an encryption algorithmcorresponding to confidentiality information set to the column data andsending the encrypted data to the database apparatus,

the database apparatus creating a ciphertext table including a set of aserial number and ciphertext of the column data, and

managing the ciphertext table in a ciphertext table information tableincluding a set of a table name, a column name, an encryption algorithm,and a ciphertext table name.

(Supplementary Note 21)

The database control method according to one of Supplementary Note 14 to19, comprising

when column data in a table in the database is encrypted, reading the column data from the database,

getting public key information from the user apparatus, and encryptingthe column data,

creating a ciphertext table including a set of a serial number andciphertext of the column data, and

to manage the ciphertext table, providing a ciphertext table informationtable including a set of a table name, a column name, an encryptionalgorithm, and a ciphertext table name.

(Supplementary Note 22)

The database control method according to Supplementary Note 20 or 21,comprising

when a database operation command to add column data is received fromthe user apparatus, adding a pair of an updated serial number andciphertext in the ciphertext table in the database.

(Supplementary Note 23)

The database control method according to Supplementary Note 14,comprising

when receiving an instruction to change confidentiality informationabout data stored in the database,

the database apparatus sending encrypted data stored in the database tothe user apparatus,

the user apparatus decrypting the encrypted data into plaintext andencrypting the plaintext again with an encryption algorithmcorresponding to the changed confidentiality information, and

the database apparatus receiving the re-encrypted data from the userapparatus and storing the re-encrypted data in the database.

(Supplementary Note 24)

A program, causing a computer which is included in a database controlapparatus that is connected to a user apparatus for communication andthat executes data access control on a database to execute processingcomprising:

receiving a database operation command from the user apparatus,

executing at least one of: database operation or computation onencrypted data and/or encrypted metadata as is in ciphertext, anddatabase operation or computation on plaintext data and/or metadata,regarding data and/or metadata to be handled associated with thedatabase operation command, and

sending a processing result of the database operation to the userapparatus.

(Supplementary Note 25)

The program according to Supplementary Note 24, wherein when a databaseoperation command is received from the user apparatus, when such acondition is met that operation target data encrypted and stored in thedatabase is encrypted by an encryption algorithm allowing operation orcomputation on encrypted data to be executed as is in ciphertext andthat operation or computation of the database operation command isoperation or computation that can be executed on ciphertext, the programcauses the computer to execute processing to perform operation orcomputation on the operation target data in ciphertext and to send aprocessing result in ciphertext to the user apparatus.

(Supplementary Note 26)

The program according to Supplementary Note 24 or 25, wherein the program causes the computer to execute processing to send a computation result of partial computation of a computation of the database operation command to the user apparatus in ciphertext,

wherein when the user apparatus finds that further partial computation needs to be executed in plaintext, the user apparatus executes the partial computation on data obtained by decrypting the encrypted data into plaintext,

wherein when the computation of the database operation command still includes partial computation in ciphertext and if the partial computation is allowed to be executed on ciphertext as is in ciphertext, the user apparatus sends ciphertext obtained by encrypting the result of the partial computation in plaintext to the database control apparatus,

the program causing the computer to execute processing comprising

executing the remaining partial computation of the computation of the database operation command in ciphertext by using the encrypted data sent from the user apparatus and sending the computation result of the partial computation to the user apparatus in ciphertext.

(Supplementary Note 27)

The program according to any one of Supplementary Notes 24 to 26, causing the computer to execute processing comprising:

storing, in a first storage unit, information about encryption and non-encryption of the metadata including table and column names stored in the database, information on whether or not data stored in the database is encrypted, confidentiality information representing the extent of data security, and encryption algorithm identification information corresponding to the confidentiality information, and

storing, in a second storage unit, cryptographic protocol identification information associating processing content in the database operation command, confidentiality information, and encryption algorithm with each other.

(Supplementary Note 28)

The program according to Supplementary Note 27, wherein the database serves as at least one of the first and second storage units, and

wherein the program causes the computer to execute processing for storing the information stored in the first and/or second storage unit as a table in the database.

(Supplementary Note 29)

The program according to Supplementary Note 27 or 28, wherein the program causes the computer to execute cryptographic protocol processing that executes processing corresponding to the database operation command on data encrypted by an encryption algorithm corresponding to the confidentiality information in ciphertext, based on cryptographic protocol identification information stored in the second storage unit.

(Supplementary Note 30)

The program according to any one of Supplementary Notes 24 to 29, wherein regarding the computation operation corresponding to the database operation command, if the computation operation corresponds to homomorphic computation and the encryption algorithm corresponds to homomorphic encryption, the program causes the computer to execute processing for executing the computation operation on data in ciphertext in the database and sending the computation result in ciphertext to the user apparatus.

(Supplementary Note 31)

The program according to any one of Supplementary Notes 24 to 29, wherein regarding the computation of the database operation command, if the operation target data stored in the database in ciphertext is encrypted by an encryption algorithm not allowing the computation to be executed on encrypted data, the program causes the computer to execute processing for sending the operation target encrypted data to the user apparatus, and

wherein the user apparatus decrypts the encrypted data into plaintext and executes the computation.

(Supplementary Note 32)

The program according to any one of Supplementary Notes 24 to 31, wherein if column data in a table in the database is encrypted, the user apparatus encrypts the column data with an encryption algorithm corresponding to confidentiality information set to the column data and sends the encrypted data to the database control apparatus,

wherein the program causes the computer to execute processing for creating a ciphertext table including a set of a serial number and ciphertext of the column data, and

wherein the program causes the computer to execute processing for managing the ciphertext table by using a ciphertext table information table including a set of a table name, a column name, an encryption algorithm, and a ciphertext table name.

(Supplementary Note 33)

The program according to any one of Supplementary Notes 24 to 32, wherein the program causes the computer to execute encryption calculation processing for encrypting metadata and/or data by using a public key sent from the user apparatus.

(Supplementary Note 34)

The program according to Supplementary Note 33, wherein the program causes the computer to execute processing comprising:

reading, if column data in a table in the database is encrypted, the column data from the database, acquiring public key information from the user apparatus, and encrypting the column data,

creating a ciphertext table including a set of a serial number and ciphertext of the column data, and

managing the ciphertext table by using a ciphertext table information table including a set of a table name, a column name, an encryption algorithm, and a ciphertext table name.
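The storage units, ciphertext tables and dispatch described in Supplementary Notes 24 to 34 can be followed end to end in the Python sketch below. It is an added example, not code from the patent or from any product: textbook Paillier with toy-sized keys stands in for the "encryption algorithm allowing computation on ciphertext"; the `employee` table, its `salary` and `bonus` columns, the `high` confidentiality label and the protocol identifiers `paillier_add` and `SUM_PRODUCT` are all made up; and two in-memory dictionaries play the role of the first and second storage units. `Client.sum` exercises the ciphertext path of Notes 25 and 30, `EncryptedDB.encrypt_column` the server-side encryption with the client's public key of Notes 33 and 34, and `Client.sum_of_products` the partial computation round trip of Note 26 (the server hands over ciphertext rows, the user apparatus multiplies in plaintext, re-encrypts the products and sends them back, and the server finishes the sum in ciphertext).

```python
"""Toy model of the ciphertext/plaintext dispatch in Supplementary Notes 24 to 34 (added
example, not the patent's code; toy-sized Paillier and made-up names throughout)."""
import math
import secrets

# Additively homomorphic encryption: Enc(a) * Enc(b) mod n^2 decrypts to a + b.
def paillier_keygen(p=104723, q=104729):   # fixed small primes: demo only
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return {"n": n}, {"n": n, "lam": lam, "mu": pow(lam, -1, n)}  # g = n + 1

def paillier_enc(pk, m):
    n = pk["n"]
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:             # r must be a unit mod n
        r = secrets.randbelow(n - 1) + 1
    return (pow(1 + n, m, n * n) * pow(r, n, n * n)) % (n * n)

def paillier_dec(sk, c):
    n = sk["n"]
    return ((pow(c, sk["lam"], n * n) - 1) // n * sk["mu"]) % n

def paillier_add(pk, c1, c2):
    return (c1 * c2) % (pk["n"] ** 2)

# First storage unit: is the column encrypted, how confidential, which algorithm.
COLUMN_META = {
    ("employee", "salary"): {"encrypted": True, "confidentiality": "high", "alg": "paillier"},
    ("employee", "bonus"): {"encrypted": True, "confidentiality": "high", "alg": "paillier"},
}
# Second storage unit: (processing content, confidentiality, algorithm) -> protocol id.
# None: nothing can run on this ciphertext, so the rows go to the user apparatus (Note 31).
PROTOCOLS = {
    ("SUM", "high", "paillier"): "paillier_add",
    ("SUM_PRODUCT", "high", "paillier"): None,   # Paillier cannot multiply two ciphertexts
}

class EncryptedDB:
    """Database-side control unit: holds the client's public key, never the secret key."""
    def __init__(self, pk):
        self.pk = pk
        self.ct_tables = {}    # ciphertext table name -> {serial: ciphertext}
        self.ct_info = []      # ciphertext table information table (Note 32)

    def encrypt_column(self, table, column, values):
        """Notes 33/34: the server itself encrypts a plaintext column with the client's pk."""
        name = f"ct_{table}_{column}"
        self.ct_tables[name] = {s: paillier_enc(self.pk, v) for s, v in enumerate(values, 1)}
        self.ct_info.append((table, column, COLUMN_META[(table, column)]["alg"], name))

    def _cts(self, table, column):
        name = next(n for t, c, _, n in self.ct_info if (t, c) == (table, column))
        return self.ct_tables[name]

    def sum_ciphertexts(self, cts):
        acc = paillier_enc(self.pk, 0)         # fresh randomness on the returned result
        for c in cts:
            acc = paillier_add(self.pk, acc, c)
        return acc

    def run(self, op, table, *columns):
        """Dispatch: run the registered ciphertext protocol, or fall back to the client."""
        meta = COLUMN_META[(table, columns[0])]
        if PROTOCOLS.get((op, meta["confidentiality"], meta["alg"])) == "paillier_add":
            return "cipher", self.sum_ciphertexts(self._cts(table, columns[0]).values())
        return "fallback", {c: dict(self._cts(table, c)) for c in columns}

class Client:
    """User apparatus: the only holder of the secret key."""
    def __init__(self):
        self.pk, self.sk = paillier_keygen()

    def sum(self, db, table, column):
        kind, payload = db.run("SUM", table, column)
        if kind == "cipher":                   # Note 30: the server summed in ciphertext
            return paillier_dec(self.sk, payload)
        return sum(paillier_dec(self.sk, c) for c in payload[column].values())

    def sum_of_products(self, db, table, col_a, col_b):
        """Note 26: ciphertext rows down, plaintext multiply here, re-encrypted products up."""
        kind, rows = db.run("SUM_PRODUCT", table, col_a, col_b)
        assert kind == "fallback"
        products = [paillier_enc(self.pk, paillier_dec(self.sk, rows[col_a][s])
                                 * paillier_dec(self.sk, rows[col_b][s])) for s in rows[col_a]]
        return paillier_dec(self.sk, db.sum_ciphertexts(products))

def demo():
    client = Client()
    db = EncryptedDB(client.pk)
    db.encrypt_column("employee", "salary", [1000, 2000, 3000])
    db.encrypt_column("employee", "bonus", [1, 2, 3])
    return {"sum_salary": client.sum(db, "employee", "salary"),                         # 6000
            "sum_products": client.sum_of_products(db, "employee", "salary", "bonus")}  # 14000
```

`demo()` returns the two plaintext results. Two properties worth checking against the notes: the database side never holds the secret key, so even on the fallback branch it only forwards ciphertext, and Paillier encryption is randomised, so the re-encrypted products the client sends back cannot be matched to the original rows by ciphertext equality. The 17-bit primes are for the demo only; a real deployment needs a modulus of 2048 bits or more.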

(Supplementary Note 35)

The program according to Supplementary Note 32 or 34, wherein the program causes the computer to execute processing for, when a database operation command to add column data is inputted from the user apparatus, adding a pair of an updated serial number and ciphertext in the ciphertext table in the database.

(Supplementary Note 36)

The program according to Supplementary Note 23, wherein the program causes the computer to execute processing for, when receiving an instruction to change confidentiality information about data stored in the database, sending encrypted data stored in the database to the user apparatus,

causing the user apparatus side to decrypt the encrypted data into plaintext and encrypt the plaintext again with an encryption algorithm corresponding to the changed confidentiality information, and

receiving the re-encrypted data from the user apparatus and storing the re-encrypted data in the database.

The disclosure of each of the above Patent Literatures 1 to 3 and Non-Patent Literature 1 is incorporated herein by reference thereto. Modifications and adjustments of the exemplary embodiment(s) and example(s) are possible within the scope of the overall disclosure (including the claims) of the present invention and based on the basic technical concept of the present invention. Various combinations and selections of various disclosed elements (including the elements in each of the claims, examples, drawings, etc.) are possible within the scope of the claims of the present invention. That is, the present invention of course includes various variations and modifications that could be made by those skilled in the art according to the overall disclosure including the claims and the technical concept.

The invention claimed is:
 1. A database apparatus comprising: a first storage unit; a second storage unit; and a processor which executes a program and thereby comprises: a control unit configured to execute data access control on a database, the control unit receiving a database operation command from a user apparatus connected with the database apparatus through a network, and the control unit comprising, regarding data and/or metadata to be handled associated with the database operation command: a first unit configured to execute a database operation or computation on encrypted data and/or encrypted metadata while keeping the encrypted data and/or encrypted metadata as ciphertext; and a second unit configured to execute the database operation or computation on plaintext data and/or plaintext metadata; wherein the first storage unit stores: information on whether or not the metadata including table and column names stored in the database are encrypted, information on whether data stored in the database is encrypted, confidentiality information representing extent of data security, and encryption algorithm identification information corresponding to the confidentiality information; and wherein the second storage unit stores processing content of the database operation command, confidentiality information and encryption algorithm in association with each other, wherein the control unit sends a processing result of the database operation or computation to the user apparatus, wherein the control unit further comprises an encryption calculation unit performing an encryption at the database apparatus using a public key received from the user apparatus, wherein the control unit sends a computation result of partial computation of the computation of the database operation command in ciphertext to the user apparatus, the user apparatus, when finding that further partial computation needs to be executed on plaintext, decrypts the encrypted data to obtain plaintext data and executes partial computation on plaintext data, in the case wherein further partial computation to be executed in ciphertext remains in the computation of the database operation command, and the partial computation is allowed to be executed on ciphertext while keeping the encrypted data and/or encrypted metadata as ciphertext, the user apparatus sends ciphertext obtained by encrypting the plaintext result of the partial computation to the control unit, and using the ciphertext sent from the user apparatus, the control unit executes a remaining partial computation of the computation of the database operation command on encrypted data while keeping the encrypted data and/or encrypted metadata as ciphertext and sends the computation result of the partial computation in ciphertext to the user apparatus.
 2. The database apparatus according to claim 1, wherein, upon reception of the database operation command from the user apparatus, the control unit, when finding that such a condition is met that operation target data encrypted and stored in the database is one that is encrypted with an encryption algorithm allowing operation or computation on encrypted data to be executed while keeping the encrypted data and/or encrypted metadata as ciphertext, and that the operation or computation of the database operation command is one that is allowed to be executed on ciphertext while keeping the encrypted data and/or encrypted metadata as ciphertext, performs the operation or computation on the operation target data encrypted, while keeping the encrypted data and/or encrypted metadata as ciphertext, and outputs a processing result of the operation or computation in ciphertext to send the processing result to the user apparatus.
 3. The database apparatus according to claim 1, wherein at least one of the first and second storage units is the database, and the database stores the information stored in the first and/or second storage unit as a table.
 4. The database apparatus according to claim 1, wherein the control unit further comprises a cryptographic protocol processing execution unit that executes processing corresponding to the database operation command on data encrypted by an encryption algorithm corresponding to the confidentiality information, while keeping the encrypted data and/or encrypted metadata as ciphertext, based on cryptographic protocol identification information stored in the second storage unit.
 5. The database apparatus according to claim 1, wherein in a case wherein the computation operation corresponds to homomorphic computation and the encryption algorithm corresponds to homomorphic encryption, the control unit executes the computation operation on encrypted data stored in the database while keeping the encrypted data and/or encrypted metadata as ciphertext, and sends the computation result in ciphertext to the user apparatus.
 6. The database apparatus according to claim 1, wherein when finding that the operation target data encrypted and stored in the database in ciphertext is encrypted by an encryption algorithm not allowing the computation to be executed on encrypted data while keeping the encrypted data and/or encrypted metadata as ciphertext, the control unit sends the operation target data encrypted to the user apparatus, and the user apparatus decrypts the encrypted data into plaintext and executes the computation on the plaintext.
 7. The database apparatus according to claim 1, wherein the user apparatus, when encrypting column data in a table in the database, encrypts the column data using an encryption algorithm corresponding to confidentiality information set to the column data and sends the encrypted data to the control unit, and the control unit creates a ciphertext table including a set of a serial number and ciphertext of the column data, the database apparatus further comprising: a ciphertext table information table to manage the ciphertext table, the ciphertext table information table including a set of a table name, a column name, an encryption algorithm, and a ciphertext table name.
 8. The database apparatus according to claim 1, wherein, when encrypting column data in a table in the database, the control unit reads the column data from the database, gets public key information from the user apparatus, and uses the encryption calculation unit to encrypt the column data, and the database apparatus creates a ciphertext table including a set of a serial number and ciphertext of the column data, and the database apparatus further comprises: a ciphertext table information table to manage the ciphertext table, the ciphertext table information table comprising a set of a table name, a column name, an encryption algorithm, and a ciphertext table name.
 9. The database apparatus according to claim 7, wherein upon reception of a database operation command to add column data from the user apparatus, the control unit adds a set of an updated serial number and ciphertext in the ciphertext table in the database.
 10. The database apparatus according to claim 1, wherein upon reception of an instruction to change confidentiality information about data stored in the database, the control unit sends encrypted data stored in the database to the user apparatus, the user apparatus decrypts the encrypted data into plaintext and encrypts the plaintext again using an encryption algorithm corresponding to the changed confidentiality information, and the control unit receives the re-encrypted data from the user apparatus and stores the re-encrypted data in the database.
 11. A database control method, comprising: receiving a database operation command from a user apparatus, connected with a database apparatus through a network, when data access control is executed on a database; performing an encryption at the database apparatus using a public key received from the user apparatus; executing, regarding data and/or metadata to be handled associated with the database operation command, at least one of: a database operation or computation on encrypted data and/or encrypted metadata while keeping the encrypted data and/or encrypted metadata as ciphertext; the database operation or computation on plaintext data and/or plaintext metadata; sending a processing result of the database operation or computation to the user apparatus; storing and managing, in a first storage unit: information on whether the metadata including table and column names stored in the database is encrypted, information on whether data stored in the database is encrypted, confidentiality information representing extent of data security, and encryption algorithm identification information corresponding to the confidentiality information; and storing and managing in a second storage unit, at least processing content of the database operation command, confidentiality information and encryption algorithm in association with each other, wherein the database apparatus sends a computation result of partial computation of the computation of the database operation command in ciphertext to the user apparatus, the user apparatus, when finding that further partial computation needs to be executed on plaintext, decrypts the encrypted data to obtain plaintext data and executes partial computation on plaintext data, in the case wherein further partial computation to be executed in ciphertext remains in the computation of the database operation command, and the partial computation is allowed to be executed on ciphertext while keeping the encrypted data and/or encrypted metadata as ciphertext, the user apparatus sends ciphertext obtained by encrypting the plaintext result of the partial computation to the database apparatus, and using the ciphertext sent from the user apparatus, the database apparatus executes a remaining partial computation of the computation of the database operation command on encrypted data while keeping the encrypted data and/or encrypted metadata as ciphertext and sends the computation result of the partial computation in ciphertext to the user apparatus.
 12. The database control method according to claim 11, comprising: upon reception of a database operation command from the user apparatus, when a condition is met that operation target data encrypted and stored in the database is encrypted with an encryption algorithm allowing the operation or computation on encrypted data to be executed while keeping the encrypted data and/or encrypted metadata as ciphertext, and that the operation or computation of the database operation command is allowed to be executed on ciphertext while keeping the encrypted data and/or encrypted metadata as ciphertext; performing the operation or computation on the operation target data encrypted, while keeping the encrypted data and/or encrypted metadata as ciphertext; and sending a result processed in ciphertext to the user apparatus.
 13. The database control method according to claim 11, further comprising executing processing corresponding to the database operation command on encrypted data while keeping the encrypted data and/or encrypted metadata as ciphertext, the encrypted data being encrypted by an encryption algorithm corresponding to the confidentiality information, based on cryptographic protocol identification information stored in the second storage unit.
 14. The database control method according to claim 11, further comprising when the computation operation is a homomorphic computation and the encryption algorithm is a homomorphic encryption, executing the computation operation on encrypted data in the database while keeping the encrypted data and/or encrypted metadata as ciphertext to send the computation result in ciphertext to the user apparatus.
 15. The database control method according to claim 11, further comprising: when the operation target data stored in the database in ciphertext is encrypted by an encryption algorithm not allowing the computation to be executed on encrypted data while keeping the encrypted data and/or encrypted metadata as ciphertext, sending the encrypted data in the database to the user apparatus; and the user apparatus decrypting the encrypted data into plaintext to execute the computation on the plaintext.
 16. The database control method according to claim 11, further comprising: when column data in a table stored in the database is encrypted, the user apparatus encrypting the column data with an encryption algorithm corresponding to confidentiality information set to the column data to send the encrypted data to a database apparatus; the database apparatus creating a ciphertext table including a set of a serial number and ciphertext of the column data, and managing the ciphertext table by providing a ciphertext table information table comprising a set of a table name, a column name, an encryption algorithm, and a ciphertext table name.
 17. The database control method according to claim 11, further comprising: when column data in a table in the database is encrypted, reading the column data from the database, acquiring public key information from the user apparatus to encrypt the column data; creating a ciphertext table including a set of a serial number and ciphertext of the column data; and managing the ciphertext table by providing a ciphertext table information table comprising a set of a table name, a column name, an encryption algorithm, and a ciphertext table name, as a set.
 18. The database control method according to claim 16, comprising: upon reception of a database operation command to add column data from the user apparatus, adding a set of an updated serial number and ciphertext in the ciphertext table in the database.
 19. The database control method according to claim 11, further comprising: upon reception of an instruction to change confidentiality information about data stored in the database: the database apparatus sending encrypted data stored in the database to the user apparatus; the user apparatus decrypting the encrypted data into plaintext and encrypting the plaintext again using an encryption algorithm corresponding to the changed confidentiality information; and the database apparatus receiving the re-encrypted data from the user apparatus to store the re-encrypted data in the database.
 20. A non-transitory computer readable medium storing a program causing a computer, which is included in a database control apparatus that is connected to a user apparatus for communication and that executes data access control on a database, to execute processing comprising: receiving a database operation command from the user apparatus connected with the database control apparatus through a network; performing an encryption at the database control apparatus using a public key received from the user apparatus; executing, regarding data and/or metadata to be handled associated with the database operation command, at least one of: a database operation or computation on encrypted data and/or encrypted metadata while keeping the encrypted data and/or encrypted metadata as ciphertext; the database operation or computation on plaintext data and/or metadata; sending a processing result of the database operation or computation to the user apparatus; storing and managing, in a first storage unit: information on whether the metadata including table and column names stored in the database is encrypted, information on whether data stored in the database is encrypted, confidentiality information representing extent of data security, and encryption algorithm identification information corresponding to the confidentiality information; and storing and managing in a second storage unit, at least processing content of the database operation command, confidentiality information and encryption algorithm in association with each other, wherein the database control apparatus sends a computation result of partial computation of the computation of the database operation command in ciphertext to the user apparatus, the user apparatus, when finding that further partial computation needs to be executed on plaintext, decrypts the encrypted data to obtain plaintext data and executes partial computation on plaintext data, in the case wherein further partial computation to be executed in ciphertext remains in the computation of the database operation command, and the partial computation is allowed to be executed on ciphertext while keeping the encrypted data and/or encrypted metadata as ciphertext, the user apparatus sends ciphertext obtained by encrypting the plaintext result of the partial computation to the database control apparatus, and using the ciphertext sent from the user apparatus, the database control apparatus executes a remaining partial computation of the computation of the database operation command on encrypted data while keeping the encrypted data and/or encrypted metadata as ciphertext and sends the computation result of the partial computation in ciphertext to the user apparatus.
 21. The non-transitory computer readable medium according to claim 20, wherein the program causes the computer to execute further processing comprising: upon reception of a database operation command from the user apparatus, when a condition is met that operation target data encrypted and stored in the database is encrypted by an encryption algorithm allowing the operation or computation on encrypted data to be executed while keeping the encrypted data and/or encrypted metadata as ciphertext and that operation or computation of the database operation command is allowed to be executed on ciphertext while keeping the encrypted data and/or encrypted metadata as ciphertext; performing operation or computation on the operation target data encrypted in ciphertext; and sending a result processed in ciphertext to the user apparatus.